An urgent fix is required for the OpenSSL vulnerability (CVE-2014-0160). We describe here how to patch Ubuntu and Debian. This vulnerability may impact versions of OpenSSL 1.0.1 on Linux operating systems including Debian, RHEL, Fedora, Ubuntu, RHN and CentOS. The communities have asked us to warn our readers to apply the patch.
OpenSSL Vulnerability (CVE-2014-0160): Apply Fix as Urgent
More in-depth information can be read here:
http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/
We describe only the patch here. For Rackspace unmanaged users, the Rackspace mirror has the fix available. To find the services that are still running with the previously vulnerable library, run:

    lsof -n | grep ssl | grep DEL
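
A stricter form of the check above, as an added example that is not part of the original post: it matches the FD column exactly (DEL marks a mapped file that has since been replaced on disk) and the library name, so a process is not reported just because "ssl" appears somewhere on its line. The function names and sample lsof lines are constructed, and matching libcrypto as well as libssl is an assumption beyond the original grep.

```shell
#!/bin/sh
# Added example. Reads `lsof -n` output on stdin and prints
# "PID COMMAND LIBRARY" once per process that still maps a deleted
# (already replaced) OpenSSL shared library.
stale_ssl_procs() {
    awk '
    {
        # FD is column 4, or column 5 when lsof prints a TID column.
        fd = 0
        for (i = 4; i <= 5 && i <= NF; i++)
            if ($i == "DEL") { fd = i; break }
        if (!fd) next
        # NAME is the last column; keep only the OpenSSL libraries.
        if ($NF !~ /\/lib(ssl|crypto)\.so/) next
        key = $2 " " $1 " " $NF
        # Threads repeat the same mapping; report each one once.
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Constructed sample input (not captured from a real host).
sample_lsof() {
cat <<'EOF'
COMMAND  PID  USER     FD  TYPE DEVICE SIZE/OFF NODE   NAME
nginx    1201 root     DEL REG  8,1    131085 /lib/x86_64-linux-gnu/libssl.so.1.0.0
nginx    1201 root     DEL REG  8,1    131079 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
nginx    1202 www-data DEL REG  8,1    131085 /lib/x86_64-linux-gnu/libssl.so.1.0.0
sshd     877  root     mem REG  8,1    1934624 131200 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
sslh     950  root     DEL REG  8,1    140001 /lib/x86_64-linux-gnu/libc-2.15.so
postfix  1300 1300 postfix DEL REG 8,1 131085 /lib/x86_64-linux-gnu/libssl.so.1.0.0
postfix  1300 1301 postfix DEL REG 8,1 131085 /lib/x86_64-linux-gnu/libssl.so.1.0.0
EOF
}

# Demonstration on the sample; on a live host use: lsof -n | stale_ssl_procs
sample_lsof | stale_ssl_procs
```

Every process listed needs a restart (or the reboot described below) before it stops using the old library; the sshd line is skipped because its mapping is current, and sslh because the deleted file is not an OpenSSL library.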
If you have update-notifier-common installed on Ubuntu or another applicable deb-based system, run these two commands and perform a clean reboot after stopping all the associated services one by one:

    sudo apt-get update
    sudo apt-get dist-upgrade
    reboot
    # if unattended-upgrades package is installed, run
    sudo dpkg-reconfigure unattended-upgrades
Generate new SSH and RSA keys and request that your SSL certificates be re-issued. Consider changing all the passwords. For rpm-based distros, check here:
https://isc.sans.edu/forums/diary/OpenSSL+CVE-2014-0160+Fixed/17917
One can test for the Heartbleed bug here:
http://filippo.io/Heartbleed/