Recently, a vulnerability in OpenSSL was announced, caused by a bug known as Heartbleed:
“This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”
This vulnerability impacts OpenSSL versions 1.0.1 and 1.0.2-beta. ServInt customers may have this vulnerability if they are running CentOS 6. CentOS 4 and 5 do not have versions impacted by the Heartbleed vulnerability.
You can check whether you are vulnerable by visiting http://filippo.io/Heartbleed/ or by running this command via SSH:
rpm --changelog -q openssl |grep CVE-2014-0160
If there is no output, your version of OpenSSL is vulnerable. If there is output, your version of OpenSSL has been patched. If OpenSSL is vulnerable on your server, you’re in luck: there is a patch. If you are using WHM/cPanel, you can run an update as follows:
- WHM » cPanel » Upgrade to Latest Version
- WHM » Restart Services » HTTP Server (Apache)
- Click the “Force a reinstall even if the system is up to date.” option
If you are not using WHM/cPanel, you can run:
yum update -y openssl
/etc/init.d/httpd restart
After you have updated the software, you can run the rpm command or visit the site again to see the updated results.
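The check and the restart step above can be scripted. The following is an added example, not ServInt's own tooling: it assumes a distribution RPM package as in this article, gates the changelog check on the affected versions named above (so an unaffected CentOS 4 or 5 host is not reported as vulnerable just because the grep prints nothing), and counts processes that still map a replaced libssl file. The function names and sample data are hypothetical.

```shell
#!/bin/sh
# Affected versions are the ones the article names: 1.0.1 and 1.0.2-beta.
# heartbleed_status VERSION CHANGELOG -> not-affected | patched | vulnerable
heartbleed_status() {
    version=$1; changelog=$2
    case $version in
        1.0.1*|1.0.2-beta*) ;;                 # affected branch, keep checking
        *) echo "not-affected"; return 0 ;;
    esac
    # Distribution packages backport fixes without changing the upstream
    # version string, so the changelog entry is the evidence of the fix.
    case $changelog in
        *CVE-2014-0160*) echo "patched" ;;
        *) echo "vulnerable" ;;
    esac
}

# stale_libssl_count MAPS_TEXT -> number of mappings of a libssl file that was
# replaced on disk; such a process runs the old library until it is restarted.
stale_libssl_count() {
    printf '%s\n' "$1" | grep -c 'libssl.*(deleted)' || true
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_OLD_LOG='* Tue Jan 07 2014 Packager <pkg@example.invalid> 1.0.1e-0.example1
- constructed entry that does not mention the Heartbleed fix'
SAMPLE_PATCHED_LOG='* Mon Apr 07 2014 Packager <pkg@example.invalid> 1.0.1e-0.example2
- fix CVE-2014-0160 (constructed entry)'
SAMPLE_MAPS='7f3c1a000000-7f3c1a060000 r-xp 00000000 fd:00 1312 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3c1a400000-7f3c1a58a000 r-xp 00000000 fd:00 1290 /lib64/libc-2.12.so'

echo "sample, old changelog:     $(heartbleed_status 1.0.1e "$SAMPLE_OLD_LOG")"
echo "sample, patched changelog: $(heartbleed_status 1.0.1e "$SAMPLE_PATCHED_LOG")"
echo "sample, stale mappings:    $(stale_libssl_count "$SAMPLE_MAPS")"

# On a real RPM-based host, run the same checks against the installed package.
if command -v rpm >/dev/null 2>&1 && rpm -q openssl >/dev/null 2>&1; then
    echo "this host: $(heartbleed_status \
        "$(rpm -q --qf '%{VERSION}' openssl)" \
        "$(rpm -q --changelog openssl)")"
    # Reading other processes' maps needs root; unreadable files are skipped.
    echo "stale libssl mappings: $(stale_libssl_count \
        "$(cat /proc/[0-9]*/maps 2>/dev/null)")"
fi
```

A non-zero stale mapping count after the update means some service other than Apache still needs a restart before it picks up the patched library.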
If you have any issues, please feel free to open a support ticket in your ServInt customer portal.