Information and Downloads on the Heartbleed Bug

The Heartbleed vulnerability allows an attacker to read random 64k blocks of memory of the service using OpenSSL (with TLS). Since every request delivers another 64k memory block an attacker could retrieve sensitive data from the service i.e. private keys. More detailed information about Heartbleed can be found in the security advisory:

http://www.kb.cert.org/vuls/id/720951 and here http://www.infoq.com/news/2014/04/heartbleed-ssl

This vulnerability is only if running the following services are using OpenSSL with TLS:

• openvpn
• squid
• freeradius
• asterisk
• curl
• pound
• tor
• transmission

Depending on your setup you may not be affected by Heartbleed.

In addition, NETGEAR confirms there are no vulnerabilities to the Heartbleed bug in thier routers running factory firmware.

If you are running and old version of DD-WRT, Tomato or a NETGEAR supplied DD-WRT buid here are the links for new builds that have the Heartbleed fixes

DD-WRT Releases by Kong

• DD-WRT K3 for NETGEAR R6300v2 WiFi Router Kong
• DD-WRT K3 for NETGEAR R6250 WiFi Router Kong
• DD-WRT K3 for NETGEAR R7000 Nighthawk WiFi Router Kong build
• DD-WRT Kong Mod WNDR4500V1/V2 Updated with latest openssl for Heartbleed

Tomato Releases

• Tomato by Shibby for WNR3500Lv1 117-VPN
• Tomato by Shibby for WNR3500Lv2 v117 (All In One)
• Tomato by Toastman for WNR3500Lv1 1.28.7505 (USB)
• Tomato by Toastman for WNR3500Lv1 1.28.7505 (VPN)
• Tomato by Toastman for WNR3500Lv2 1.28.7505

DD-WRT Releases by NETGEAR