The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
This issue was fixed in the backported fixes of versions of openssl 1.0.1-16.el6_5.7 and later.
This bug was introduced in ClearOS version 6.5 and was fixed in updates shortly after the announcement of the bug. This issue does not exist in any previous or later version of ClearOS.
If you are running ClearOS 6.5, please ensure that you are running the latest updates:
You may also validate your version by running:
rpm -qi openssl
You should validate that you are running openssl 1.0.1-16.el6_5.7 or later.