[Solved] OpenSSL Heartbleed vulnerability – A complete check and fix
By now we are all aware of the new OpenSSL Heartbleed vulnerability. The Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. You will find more details at this link: Heartbleed.
The OpenSSL 1.0.1 series is vulnerable, except 1.0.1g; other versions are not affected. The distributions have already released updates.
How to check whether the installed OpenSSL is patched?
There are several ways to find this out. This link will help you check your domain's OpenSSL status.
You can also check from the server side. The following OS releases may be affected by the Heartbleed vulnerability:
OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4
You can check it by executing the following command.
rpm -q --changelog openssl | grep CVE-2014-0160
If the above command returns output like “- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension”, we can conclude that the server's OpenSSL is already patched.
root@test [~]# rpm -q --changelog openssl | grep CVE-2014-0160
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
You may also use yum and check the Version and Release fields to find out whether it is updated.
yum info openssl
root@test [~]# yum info openssl|egrep -i "Release|Version"
Version : 1.0.1e
Release : 16.el6_5.7
Version : 1.0.1e
Release : 16.el6_5.7
In this example the first two lines indicate the Version and Release of the installed OpenSSL, and the second two lines are the corresponding Version and Release of the available update. Here they match, so the installed package is already the latest one offered.
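As an added example that is not part of the original post, the following POSIX shell script reads the output of the two checks above (constructed sample text in the post's format; the function names are my own) and reports whether the host is patched, has an update pending, or is unpatched. The changelog check is the one that counts, because CentOS/RHEL backported the fix while keeping the 1.0.1e version string.

```shell
#!/bin/sh
# Added example (not from the original post): decide the Heartbleed patch state of a
# CentOS/RHEL host from the text the two checks print. On a live host feed it real output:
#   heartbleed_status "$(yum info openssl | egrep -i 'Release|Version')" \
#                     "$(rpm -q --changelog openssl | grep CVE-2014-0160)"

# Constructed: host with an update pending (installed 16.el6_5.4, available 16.el6_5.7)
SAMPLE_YUM_PENDING='Version     : 1.0.1e
Release     : 16.el6_5.4
Version     : 1.0.1e
Release     : 16.el6_5.7'

# Constructed: host already on the latest package, so yum lists no available update
SAMPLE_YUM_CURRENT='Version     : 1.0.1e
Release     : 16.el6_5.7'

# Changelog line quoted in the post (patched) and a constructed line with no fix entry
SAMPLE_LOG_FIXED='- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_LOG_OLD='- rebuild (constructed placeholder, no Heartbleed entry)'

# Print "Version-Release" of the Nth Version/Release pair in the yum output
# (1 = installed, 2 = available). Prints nothing when that pair is absent.
yum_pair() {
    printf '%s\n' "$1" | awk -F': *' -v want="$2" '
        /^Version/ { v = $2 }
        /^Release/ { n++; if (n == want) { print v "-" $2; exit } }'
}
installed_vr() { yum_pair "$1" 1; }
available_vr() { yum_pair "$1" 2; }

# heartbleed_status YUM_TEXT CHANGELOG_TEXT -> patched | update-available | unpatched
# The changelog is authoritative: the distro backported the fix without changing the
# upstream version string, so "1.0.1e" alone says nothing about the patch state.
heartbleed_status() {
    if printf '%s\n' "$2" | grep -q 'CVE-2014-0160'; then
        echo patched
        return 0
    fi
    inst=$(installed_vr "$1")
    avail=$(available_vr "$1")
    if [ -n "$avail" ] && [ "$inst" != "$avail" ]; then
        echo update-available      # next step: yum clean all && yum update openssl
    else
        echo unpatched             # no fix in changelog and no newer package offered
    fi
}

heartbleed_status "$SAMPLE_YUM_PENDING" "$SAMPLE_LOG_OLD"
heartbleed_status "$SAMPLE_YUM_CURRENT" "$SAMPLE_LOG_FIXED"
```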
How to update OpenSSL to fix the vulnerability?
Please follow the steps below:
Step 1: Log in to the server as the root user.
Step 2: Upgrade the OpenSSL package using yum
yum clean all
yum update openssl
Step 3: Restart Apache
/etc/init.d/httpd stop
/etc/init.d/httpd start
If it is a cPanel server, restart the cPanel service as well. I recommend a stop and start rather than a restart. 🙂
/etc/init.d/cpanel stop
/etc/init.d/cpanel start
Different communities have already released updates.
Debian: http://www.debian.org/security/2014/dsa-2896
Ubuntu: http://www.ubuntu.com/usn/usn-2165-1/
Fedora: https://lists.fedoraproject.org/pipermail/announce/2014-April/003206.html
CentOS: http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html
If you are using LiteSpeed, upgrade LiteSpeed as well: http://blog.litespeedtech.com/2014/04/08/litespeed-security-patch-to-fix-heartbleed-bug-in-openssl/