Implication of applying patch / renew SSL cert on non-vulnerable Heart-Bleed OpenSSL versions
Posted on 2014-04-21
The vulnerable versions are 1.0.1 to 1.0.1f
I have 1.0.1g & 0.9.8 (& its branch versions)
as well asl 0.9.7d
0.9.7d was not indicated as vulnerable or non-vul but I'm inclined to believe
it's not as the Heartbleed vulnerability appears to start to surface starting
from 1.0.1 (sort of coding flaw started at that time): is this assumption right?
if a colleague accidentally applied patches on non-vulnerable versions,
what's the implication? Or does it allow the patch in RHES/Solaris x86/
SuSE Linux to go through? I don't have access to Linux to test this out.