Introduction

Yesterday, security researchers announced The Heartbleed Bug, a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing information that is supposed to be protected by SSL/TLS encryption. A lot of services rely on OpenSSL for that protection, such as email, web servers, instant messaging and virtual private networks (VPNs).

This vulnerability was introduced in OpenSSL version 1.0.1. It has been exposed on the open internet since March 2012 and was patched in OpenSSL version 1.0.1g, released on April 7th 2014.

Linux distributions are actively updating their packages and pushing out the upgraded or patched version of OpenSSL, as well as guidance on testing whether your server is vulnerable or not.

Are you affected by The Heartbleed Bug?

Security firm Codenomicon reports that you are likely to be affected, either directly or indirectly: OpenSSL is the most popular open source cryptographic library and TLS (Transport Layer Security) implementation used to encrypt traffic on the Internet.

How to protect from The Heartbleed Bug?

All mirrors are actively being updated to include the upgraded version of OpenSSL and its dependencies. We therefore highly recommend that you update your system in order to get the latest, patched version of OpenSSL.

On CentOS and Fedora based systems, you can update by typing:

sudo yum update -y

On Ubuntu or Debian based systems you can type:

sudo apt-get update
sudo apt-get dist-upgrade

On Arch Linux update the packages as follows:

sudo pacman -Syu

By following these directions, your system should update to the latest package versions, including OpenSSL. You can verify that OpenSSL was upgraded to the new or patched version by looking for an openssl package in the list of upgraded packages.

Remember to reboot your system in order to force the VPS to use the latest OpenSSL: services that were already running keep the old, vulnerable copy of the library in memory until they are restarted.

sudo shutdown -r now

How to check your OpenSSL version on Linux?

It is best to check the OpenSSL version through the package version rather than the version string reported by OpenSSL itself. This is because not all distributions release a new upstream version; many backport the fix into the existing version number and ship it as a new package release.

For CentOS

rpm -q -a | grep "openssl"

Your output should look something like this:

openssl-1.0.1e-16.el6_5.7.x86_64

For Ubuntu and Debian you should type this:

dpkg -l | grep "openssl"

Your output should look like this:

ii  openssl                            1.0.1e-2+deb7u6               amd64        Secure Socket Layer (SSL) binary and related cryptographic tools

Please confirm with your specific distribution what the updated/patched package version is.
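
As an added example (not part of the original article), the following POSIX shell script automates the package-version check described above: it parses the rpm -q or dpkg -l output shown earlier and compares it against a minimum version. The minimum versions are taken from the sample output above and the ordering relies on GNU coreutils' sort -V; both are assumptions you should confirm against your own distribution's advisory.

```shell
#!/bin/sh
# Minimum package versions carrying the Heartbleed fix. These are taken from
# the sample output in the article; confirm them against your distribution.
MIN_RPM_EVR="1.0.1e-16.el6_5.7"      # CentOS 6: version-release of the openssl rpm
MIN_DEB_VERSION="1.0.1e-2+deb7u6"    # Debian 7: version column of dpkg -l

# version_ge INSTALLED MINIMUM: succeeds when INSTALLED sorts at or after
# MINIMUM under GNU coreutils' `sort -V` version ordering (assumed available).
version_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# rpm_version LINE: turn "openssl-1.0.1e-16.el6_5.7.x86_64" (an `rpm -q -a`
# line) into "1.0.1e-16.el6_5.7" by dropping the name and the architecture.
rpm_version() {
    printf '%s\n' "$1" | sed -e 's/^openssl-//' -e 's/\.[^.]*$//'
}

# dpkg_version TEXT: pick the version column of the installed ("ii") openssl
# row out of `dpkg -l` output, e.g. "1.0.1e-2+deb7u6".
dpkg_version() {
    printf '%s\n' "$1" | awk '$1 == "ii" && $2 == "openssl" { print $3 }'
}

# check_installed_openssl: query the package manager of the running system
# and report whether the installed openssl package meets the minimum.
check_installed_openssl() {
    if [ -r /etc/debian_version ]; then
        installed=$(dpkg_version "$(dpkg -l)")
        minimum="$MIN_DEB_VERSION"
    elif command -v rpm >/dev/null 2>&1; then
        installed=$(rpm_version "$(rpm -q -a | grep '^openssl-[0-9]' | head -n 1)")
        minimum="$MIN_RPM_EVR"
    else
        echo "neither dpkg nor rpm found; check your package manager by hand" >&2
        return 2
    fi
    if [ -n "$installed" ] && version_ge "$installed" "$minimum"; then
        echo "openssl $installed is at or above $minimum: patched package installed"
    else
        echo "openssl '${installed:-not found}' is below $minimum: update now"
        return 1
    fi
}

if [ "${1:-}" = "--check" ]; then
    check_installed_openssl
fi
```

Run it as sh heartbleed-check.sh --check on the server; the exit status is 0 when the installed package meets the minimum and 1 when it does not.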