What is the Heartbleed vulnerability (CVE-2014-0160)?
A serious OpenSSL vulnerability named Heartbleed has been found; it affects all servers running OpenSSL versions from 1.0.1 to 1.0.1f. This vulnerability can be used to obtain the private key of an SSL connection, so it is important to update / patch your server immediately. The bug is fixed in OpenSSL version 1.0.1g. All major Linux distros have already released updates for the Heartbleed vulnerability.
How to find out if your server is affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160)?
Log in to your server over SSH and execute the following command to get the installed version number of OpenSSL:
openssl version
The result should be something like this:
openssl version
OpenSSL 1.0.1e 11 Feb 2013
If the version is below 1.0.1g your server might be vulnerable and you should patch it (see how below).
If your server is using a 0.9.8 release, as used on Debian squeeze, then the server is not vulnerable, because the TLS heartbeat function that contains the Heartbleed bug was implemented in OpenSSL 1.0.1 and later versions only.
openssl version
OpenSSL 0.9.8o 01 Jun 2010
Fixing the Heartbleed vulnerability
CentOS and Fedora:
yum update
Ubuntu and Debian:
apt-get update
apt-get upgrade
OpenSUSE:
zypper update
Ok, now what?
After this you should restart all the services that use OpenSSL; a better idea is to restart the whole server, just in case.
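If a full reboot is not possible, the following added example (not part of the original post) lists the processes that still have the old OpenSSL library loaded and therefore still need a restart. It assumes a Linux /proc filesystem and that the package update replaced the library file on disk, so the old copy shows up as "(deleted)" in a process's memory map; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root so that the maps
# of every process are readable. Statically linked binaries are not detected.

# maps_has_stale_ssl: reads the text of a /proc/<pid>/maps file on stdin and
# succeeds (exit 0) if any mapping is a libssl or libcrypto shared object
# whose file was removed or replaced on disk ("(deleted)" suffix).
maps_has_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)[^/]*\.so[^/ ]* \(deleted\)$'
}

# list_stale_ssl_procs: prints "PID NAME" for every process under the given
# proc root (default /proc) that still maps the pre-update library.
list_stale_ssl_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # Processes can exit or deny access mid-scan; ignore read errors.
        if { maps_has_stale_ssl <"$maps"; } 2>/dev/null; then
            dir=${maps%/maps}
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
}

# Scan the live system (or an alternate proc root given as first argument).
list_stale_ssl_procs "$@"
```

An empty result after restarting services means no running process is still using the pre-update copy of the library.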
You can also verify on the following site whether you successfully closed the Heartbleed security hole on your server: http://filippo.io/Heartbleed/