https://www.openssl.org/news/secadv_20140407.txt
Heartbleed Bug
You can also test your server for Heartbleed (CVE-2014-0160).
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
The bug was introduced into OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g, released on 7th of April 2014, fixes the bug.
How to Fix the Heartbleed Vulnerability
yum clean all
yum update openssl openssl-devel
yum reinstall keyutils-libs* openssh* -y
/etc/init.d/httpd restart
This will update the packages that contained the vulnerability and restart the HTTP service. Once this is done, we also recommend that you restart all services that use openssl by doing the following:
/scripts/restartsrv_sshd && /scripts/restartsrv_mailman && /scripts/restartsrv_cpdavd && /scripts/restartsrv_cpsrvd && /scripts/restartsrv_httpd && /scripts/restartsrv_exim && /scripts/restartsrv_named && /scripts/restartsrv_dovecot && /scripts/restartsrv_courier && /scripts/restartsrv_pureftpd && /scripts/restartsrv_proftpd && /etc/init.d/cups restart
After all services have restarted successfully, you can check the result by running this one last command and confirming you have this fix in your changelog:
rpm -q --changelog openssl | grep CVE-2014-0160
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
As long as you receive the return line described above, you’re all set. If you have any issues, please don’t hesitate to open a support ticket.
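The changelog check confirms the fixed package is installed, but a service that was never restarted keeps the old library mapped in memory. The following is an added example, not part of the original article: it lists processes that still map a replaced libssl/libcrypto file. The optional PROC_ROOT argument and the sample tree (PIDs, addresses, file names) are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): find processes that still
# map an OpenSSL library file that the package update replaced on disk.

# stale_openssl_pids [PROC_ROOT] -> prints "PID NAME" per affected process.
# PROC_ROOT defaults to /proc; the parameter is an assumption of this example
# so the function can be exercised against a constructed directory tree.
stale_openssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # The kernel appends " (deleted)" to a mapped file that was unlinked.
        if grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            name="$(cat "$pid_dir/comm" 2>/dev/null || echo unknown)"
            printf '%s %s\n' "${pid_dir##*/}" "$name"
        fi
    done
}

# make_sample_proc DIR: build a constructed /proc-like tree with three
# processes: one restarted, one still on the old libssl, one not using OpenSSL.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202" "$1/303"
    echo httpd > "$1/101/comm"
    echo '7f10a000-7f10f000 r-xp 00000000 fd:01 4242 /usr/lib64/libssl.so.1.0.1e' > "$1/101/maps"
    echo exim > "$1/202/comm"
    echo '7f20a000-7f20f000 r-xp 00000000 fd:01 4100 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$1/202/maps"
    echo crond > "$1/303/comm"
    echo '7f30a000-7f30f000 r-xp 00000000 fd:01 77 /usr/lib64/libc-2.12.so' > "$1/303/maps"
}

# Demo run against the constructed tree; on a real server, call
# stale_openssl_pids with no argument (as root) after the yum update.
demo_dir="$(mktemp -d)"
make_sample_proc "$demo_dir"
stale_openssl_pids "$demo_dir"
rm -rf "$demo_dir"
```

Any process the function lists should be restarted; an empty result means no running process still maps a replaced OpenSSL library.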