Are You Affected by the Heartbleed Bug?


Important Links:

Full explanation of the HeartBleed Bug

Vulnerability Checker Tool

The Passwords You Need To Change

The Heartbleed vulnerability affects CentOS 6 servers running an OpenSSL package older than 1.0.1e-16.el6_5.7.

You can check the installed version over SSH as follows:

root@server.hostname.com ~ # rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64

If the Checker Tool reports a server as vulnerable, you will need to run:

yum -y update openssl

Then restart all services:

/scripts/restartsrv http;
/scripts/restartsrv ftp;
/scripts/restartsrv exim;
/scripts/restartsrv imap;
service cpanel restart;

A quick restart of each service ensures the updated OpenSSL library is loaded into memory. Without restarting these processes, the old library may still be mapped into them, and they remain vulnerable even though the package on disk has been updated.

After performing the fix noted above, verify that the issue has been resolved with the vulnerability checker.
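The two checks in the procedure above (is the installed package older than the fixed build, and is any running service still using the old library?) can be scripted. The following is an added example, not code from the original post or from cPanel; it parses captured `rpm -qa` output and `/proc/<pid>/maps` contents that are constructed inline here, using a simplified version of rpm's own version-comparison rule (no `~` or `^` handling). The names `openssl_status`, `stale_ssl_mappings` and the sample data are assumptions of this example. Packages from the 1.0.0 and 0.9.8 branches are reported separately because those branches never contained the heartbeat code.

```python
import re

# Fixed build named in the post: anything older on the 1.0.1 branch needs
# "yum -y update openssl".
FIXED_VERSION = "1.0.1e"
FIXED_RELEASE = "16.el6_5.7"


def _segments(s):
    """Split an RPM version/release string into digit runs and letter runs."""
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpm version comparison; returns -1, 0 or 1 like rpmvercmp()."""
    if a == b:
        return 0
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1          # a numeric segment sorts after an alphabetic one
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):    # the string with more segments is the newer one
        return -1 if len(sa) < len(sb) else 1
    return 0


def parse_nevra(pkg):
    """'openssl-devel-1.0.1e-16.el6_5.7.x86_64' -> (name, version, release, arch)."""
    nvr, arch = pkg.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def openssl_status(rpm_qa_output):
    """Classify every openssl* package in `rpm -qa` output against the fixed build."""
    result = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line.startswith("openssl"):
            continue
        name, version, release, _ = parse_nevra(line)
        if not version.startswith("1.0.1"):
            result[name] = "other-branch"   # 1.0.0 / 0.9.8: no heartbeat code at all
            continue
        cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        result[name] = "vulnerable" if cmp < 0 else "patched"
    return result


def stale_ssl_mappings(proc_maps_by_pid):
    """Given {pid: text of /proc/<pid>/maps}, return the pids that still map a
    deleted libssl/libcrypto file, i.e. the pre-update library. These are the
    services that still need a restart."""
    stale = []
    for pid, maps in proc_maps_by_pid.items():
        for line in maps.splitlines():
            fields = line.split(None, 5)
            if len(fields) < 6:
                continue
            path = fields[5]
            base = path.split("/")[-1]
            if (base.startswith("libssl") or base.startswith("libcrypto")) \
                    and path.endswith("(deleted)"):
                stale.append(pid)
                break
    return sorted(stale)


# Constructed sample data, modelled on the post's rpm -qa output and on the
# /proc/<pid>/maps format; not captured from a real server.
SAMPLE_RPM_QA = """\
kernel-2.6.32-431.11.2.el6.x86_64
openssl-1.0.1e-16.el6_5.4.x86_64
openssl-devel-1.0.1e-16.el6_5.4.x86_64
"""

SAMPLE_MAPS = {
    1234: "7f0000000000-7f0000001000 r-xp 00000000 fd:01 100 /usr/lib64/libssl.so.1.0.1e (deleted)\n"
          "7f0000001000-7f0000002000 r-xp 00000000 fd:01 101 /usr/lib64/libcrypto.so.1.0.1e (deleted)\n",
    5678: "7f1000000000-7f1000001000 r-xp 00000000 fd:01 200 /usr/lib64/libssl.so.1.0.1e\n",
}

if __name__ == "__main__":
    print("packages:", openssl_status(SAMPLE_RPM_QA))
    print("pids still using the old library:", stale_ssl_mappings(SAMPLE_MAPS))
```

On a real host the inputs would come from `rpm -qa` and from reading `/proc/<pid>/maps` for each service (or from `lsof`, which marks the same deleted mappings with `DEL`); a pid listed by `stale_ssl_mappings` is a process that survived the `yum update` and still needs one of the `restartsrv` calls above.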

After resolving the issue, as a safety precaution, you should generate a new CSR for your SSL certificates and have them reissued. Per the article linked at the top, any SSL certificate that was compromised while the vulnerability was active is still subject to attack even after the fix. Contact the issuer of your SSL certificate to obtain the new certificate. An installation process for WHM and cPanel is documented on this site for your convenience.

Comments

    • says

      Glad I could help with that. There was a second link to the checker tool before the cli update command. Maybe you want to update that one too for consistency?
