How to fix Openssl Heartbleed vulnerability

What’s Heartbleed vulnerability (CVE-2014-0160)?
A serious OpenSSL vulnerability has been found, and is named Heartbleed and it affected all servers running OpenSSL versions from 1.0.01 to 1.0.1f. This vulnerability can be used to get the Private key of a SSL connection, so it is important to update / patch your server immediately. This bug is fixed in OpenSSL version 1.0.1g. All major Linux Distros have already released updates for Hartbleed vulnerability.

How to find out if your server is affected from Openssl Heartbleed vulnerability (CVE-2014-0160)?
Login to your SSH and execute following command to get the installed version number of OpenSSL:

openssl version

The result should be something like this:

openssl version
OpenSSL 1.0.1e 11 Feb 2013

If the version is below 1.0.1g your server might be vulnerable and you should patch it (see how below).
If your server is using a 0.9.8 release like it is used on Debian squeeze, then the server is not vulnerable as the HeartBleed function has been implemented in OpenSSL 1.0.1 and later versions only.

openssl version
OpenSSL 0.9.8o 01 Jun 2010

Fixing the Heartbleed vulnerability
CentOS and Fedora:

yum update

Ubuntu and Debian:

apt-get update
apt-get upgrade


zypper update

Ok, now what?
After this you should restart all the services using OpenSSL but better idea is to restart the whole server just in case.

You can also verify on following site if you successfully closed the Heartbleed security hole on your server:

This post helped you out?
Why not buy me a coffee?

Your message for me
How to restore missing apps after updating Samsung Galaxy S4 to Android 4.4.2 KitKat?
How to remove “X” from search input field on Chrome and IE

Leave a Reply

Your email address will not be published / Required fields are marked *