
The ServInt Source

Patching the Heartbleed Bug in OpenSSL

Recently, a vulnerability was announced in OpenSSL based on a bug called Heartbleed:

“This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

 - heartbleed.com

This vulnerability impacts OpenSSL versions 1.0.1 and 1.0.2-beta. ServInt customers may have this vulnerability if they are running CentOS 6. CentOS 4 and 5 do not have versions impacted by the Heartbleed vulnerability.

You can check whether you are vulnerable by visiting the site http://filippo.io/Heartbleed/ or by running this command via SSH:

rpm --changelog -q openssl |grep CVE-2014-0160

If there is no output, your version of OpenSSL is vulnerable. If there is output, your version of OpenSSL has been patched. If OpenSSL is vulnerable on your server, you're in luck: there is a patch. If you are using WHM/cPanel, you can run an update as follows:

  1. WHM » cPanel » Upgrade to Latest Version
  2. WHM » Restart Services » HTTP Server (Apache)
  3. Click the “Force a reinstall even if the system is up to date.”

If you are not using WHM/cPanel, you can run:

yum update -y openssl
/etc/init.d/httpd restart

After you have updated the software, you can run the rpm command or visit the site again to see the updated results.
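
The restart above covers only Apache; any other service that loaded OpenSSL before the update keeps running the old library until it is restarted too. The script below is an added example, not ServInt's own code: it repeats the changelog check and then lists processes that still map a replaced libssl/libcrypto. The function names are illustrative, and it assumes a Linux /proc filesystem where replaced libraries appear as "(deleted)" in /proc/<pid>/maps.

```shell
#!/bin/bash
# Added example: post-update verification for the Heartbleed fix.
CVE='CVE-2014-0160'

# Reads an RPM changelog on stdin; succeeds if the backported fix is listed.
changelog_is_patched() {
    grep "$CVE" >/dev/null
}

# Reads the contents of a /proc/<pid>/maps file on stdin; succeeds if the
# process still maps a libssl/libcrypto file that was replaced on disk
# (the kernel marks such mappings "(deleted)").
maps_has_stale_openssl() {
    grep -Eq 'lib(ssl|crypto)[^ ]* \(deleted\)$'
}

# Prints "<pid> <command line>" for each process still using the old library.
# Run as root to see every process; unreadable entries are skipped.
stale_openssl_processes() {
    local maps pid
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if maps_has_stale_openssl 2>/dev/null < "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            echo "$pid $(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
        fi
    done
}

# Returns 0 only when the package is patched and nothing stale is running.
heartbleed_report() {
    local stale
    if ! rpm --changelog -q openssl | changelog_is_patched; then
        echo "openssl package: no $CVE entry in changelog, update needed"
        return 1
    fi
    echo "openssl package: $CVE fix present"
    stale=$(stale_openssl_processes)
    [ -z "$stale" ] && { echo "no running process uses the old library"; return 0; }
    echo "restart these services (still running the pre-update library):"
    echo "$stale"
    return 2
}

# Only report on RPM-based systems; elsewhere the functions are just defined.
if command -v rpm >/dev/null 2>&1; then
    heartbleed_report || true
fi
```

Any service the script lists (mail, FTP, database or control-panel daemons, for example) needs its own restart, after which it drops off the list.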

If you have any issues, please feel free to open a support ticket in your ServInt customer portal.

About Bill Brooks

Bill Brooks is an Escalated technician and the Continuing Education Facilitator for ServInt's Managed Services Team. He is a life-long tech enthusiast and enjoys music, video games and hockey on the side.

