It has come to our attention that there are vulnerabilities in the
relatively new 1.0.1-series of OpenSSL (as detailed by http://heartbleed.com/) affecting TLS enabled customer services via a heartbeat extension.
While there are no indications that this affects TLS-based
EAP-mechanisms or RADIUS/TLS (aka RadSec) at this time, the operational
team has made the decision to upgrade openssl to versions implementing a
fix for CVE-2014-0160