The Heartbleed Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. You can read more about it here:

<a href="http://heartbleed.com/">http://heartbleed.com/</a>

The vendor has fixed this in the openssl-1.0.1e-16.el6_5.7.i686.rpm and openssl-1.0.1e-16.el6_5.7.x86_64.rpm packages for the i386 and x86_64 CentOS platforms respectively.

The status of current OpenSSL versions is as follows:

•    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
•    OpenSSL 1.0.1g is NOT vulnerable
•    OpenSSL 1.0.0 branch is NOT vulnerable
•    OpenSSL 0.9.8 branch is NOT vulnerable

If you are running a vulnerable version, we suggest you update it as soon as possible. To do so, run:
# yum update openssl
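
A check that applies the status list and the fixed package release given above, as an added example that is not part of the original advisory. The vendor package keeps the 1.0.1e version string after the fix, so the script compares the package release field against 16.el6_5.7 rather than trusting the version alone. The function names and sample inputs are constructed for illustration, and 1.0.1e el6 builds older than the fixed release are assumed to be vulnerable.

```shell
#!/bin/sh
# Added example. On a real host the input would come from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl

# Exit 0 if an el6 release is at or past 16.el6_5.7 (the fixed build named
# above), 1 if it is older, 2 if it is not an el6 release at all.
el6_release_is_fixed() {
    printf '%s\n' "$1" | awk -F'[._]' '
        $2 != "el6" { exit 2 }
        { n = $1 + 0; m = $3 + 0; k = $4 + 0
          ok = (n > 16) || (n == 16 && (m > 5 || (m == 5 && k >= 7)))
          exit (ok ? 0 : 1) }'
}

# Print fixed, vulnerable, not-vulnerable or unknown for an upstream
# version ("1.0.1f") or a package VERSION-RELEASE ("1.0.1e-16.el6_5.7").
heartbleed_status() {
    ver=${1%%-*}
    case $1 in *-*) rel=${1#*-} ;; *) rel= ;; esac
    case $ver in
        0.9.8*|1.0.0*|1.0.1[g-z]) echo not-vulnerable; return ;;
        1.0.1|1.0.1[a-f]) ;;      # affected upstream range, decided below
        *) echo unknown; return ;;
    esac
    # Bare upstream version: the status list applies directly.
    if [ -z "$rel" ]; then echo vulnerable; return; fi
    # Packaged build: the fix is backported, so the version stays 1.0.1e
    # and only the release field separates fixed from vulnerable.
    # Assumption: 1.0.1e el6 builds older than the fixed release are vulnerable.
    if [ "$ver" != 1.0.1e ]; then echo unknown; return; fi
    rc=0
    el6_release_is_fixed "$rel" || rc=$?
    case $rc in
        0) echo fixed ;;
        1) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# Constructed sample inputs, not taken from a real host.
for s in 1.0.1e-15.el6 1.0.1e-16.el6_5.4 1.0.1e-16.el6_5.7 1.0.1f 1.0.1g; do
    printf '%-20s %s\n' "$s" "$(heartbleed_status "$s")"
done
```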

You can review further information at the following URLs:

<a href="https://www.centos.org/forums/viewtopic.php?f=13&amp;t=45814">https://www.centos.org/forums/viewtopic.php?f=13&amp;t=45814</a>

<a href="https://www.openssl.org/news/secadv_20140407.txt">https://www.openssl.org/news/secadv_20140407.txt</a>

<a href="https://access.redhat.com/security/cve/CVE-2014-0160">https://access.redhat.com/security/cve/CVE-2014-0160</a>


