OpenSSL/Heartbleed vulnerability on BastionLinux
BastionLinux is not affected by the OpenSSL/Heartbleed vulnerability - but bitcoiners beware!
BastionLinux/x86_64 uses OpenSSL 1.0.0d, with strong crypto and a bunch of elliptic curves enabled so we can support bitcoin. This version of OpenSSL is not affected by the recently published vulnerability. If you're running any of our AMI images out of AWS/Marketplace (Zenoss, Chef, Plone), then the Apache/SSL is perfectly secure.
However, this vulnerability is present in our Raspberry Pi/ARM image and if you've downloaded it we strongly recommend that you upgrade to our openssl-1.0.1g release if you've actually got your RPi internet-facing and running Apache/SSL.
Something not so well publicised is that if you are running bitcoind from Bitcoin Foundation and have exposed the RPC service to the internet (or otherwise untrusted IP's), then (i) hopefully you have set up the X509/PKI features; (ii) it is highly likely that this service is also vulnerable to Heartbleed.
Bitcoin on our image is affected and we strongly recommend that you upgrade openssl and restart your bitcoind. On BastionLinux/RPi, open the terminal and do the following commands:
$ sudo yum update $ sudo monit restart bitcoin
Whatsmore, applications such as PyQt4 which provide the basis of the bitcoin/client GUI, and BitcoinArmory also use potentially vulnerable OpenSSL on any Linux distro. I am not sure exactly how feasible it is to use this exploit to compromise an online wallet, but there is certainly plenty of incentive to make such an attempt. I would strongly advise taking your wallet offline until you've upgraded your OpenSSL.