[Solved] Open SSL Heartbleed vulnerability – A complete check and fix


By now we are all aware of the new OpenSSL Heartbleed vulnerability. The Heartbleed bug allows anyone on the Internet to read the memory of systems protected by vulnerable versions of the OpenSSL software. You will find more details at this link: Heartbleed.

The OpenSSL 1.0.1 series is vulnerable, except for 1.0.1g; other version branches are not affected. Different communities have already released updates.

How to check whether the installed OpenSSL is patched or not?
You can find this out by different methods. This link will help you to find out your domain's OpenSSL status.
You can also check the same from the server back end. The following OS releases may be affected by the Heartbleed vulnerability.

OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
NetBSD 5.0.2 (OpenSSL 1.0.1e)
OpenSUSE 12.2 (OpenSSL 1.0.1c)
Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
CentOS 6.5, OpenSSL 1.0.1e-15
Fedora 18, OpenSSL 1.0.1e-4

You can check it by executing the following command.

rpm -q --changelog openssl | grep CVE-2014-0160

If the above command returns output like "- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension", then we can conclude that the server's OpenSSL is already patched.

Example:

root@test [~]# rpm -q --changelog openssl | grep CVE-2014-0160
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

You may also use the YUM command and check the Version and Release fields to find out whether the package has been updated.

yum info openssl

Example:

root@test [~]# yum info openssl|egrep -i "Release|Version"
Version     : 1.0.1e
Release     : 16.el6_5.7
Version     : 1.0.1e
Release     : 16.el6_5.7

In this example the first two lines indicate the Version and Release of the installed OpenSSL, and the second two lines are the corresponding Version and Release of the available update.
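The two checks above can be combined into one script. This is an added example, not part of the original post: each check reads the corresponding command output on stdin, so it can be exercised with captured text, and the assumed wrapper name heartbleed_status_live runs the real rpm and yum commands only when the script is started with --live.

```shell
#!/bin/sh
# Added example (not from the original post): automate the post's two
# Heartbleed checks for a RHEL/CentOS host. Function names are assumptions.

# changelog_patched: succeed if `rpm -q --changelog openssl` output (on stdin)
# carries the CVE-2014-0160 fix entry.
changelog_patched() {
    grep -q 'CVE-2014-0160'
}

# yum_update_pending: read `yum info openssl` output on stdin. As the post
# explains, the first Version/Release pair is the installed package and the
# second pair is the available update. Prints a one-line verdict; exit status
# 0 means nothing is pending, 1 means a newer package is waiting (or none found).
yum_update_pending() {
    awk '
        /^Version/ { v[++n] = $3 }
        /^Release/ { r[n]  = $3 }
        END {
            if (n == 0) { print "no openssl package found"; exit 1 }
            inst = v[1] "-" r[1]
            if (n < 2) { print "installed " inst ", no update listed"; exit 0 }
            avail = v[2] "-" r[2]
            if (inst == avail) { print "installed " inst " is current"; exit 0 }
            print "installed " inst ", update " avail " available"; exit 1
        }'
}

# heartbleed_status_live: run both checks against the local package database.
heartbleed_status_live() {
    if rpm -q --changelog openssl | changelog_patched; then
        echo "changelog lists the CVE-2014-0160 fix: openssl is patched"
    else
        echo "no CVE-2014-0160 entry in the changelog: openssl is NOT patched"
    fi
    yum info openssl 2>/dev/null | yum_update_pending
}

# Only touch rpm/yum when explicitly asked: sh heartbleed_check.sh --live
if [ "${1:-}" = "--live" ]; then
    heartbleed_status_live
fi
```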

How to update OpenSSL to overcome the vulnerability?
Please follow the steps below:

Step 1: Log in to the server as the root user.
Step 2: Upgrade the OpenSSL package using YUM

yum clean all
yum update openssl

Step 3: Restart Apache

/etc/init.d/httpd stop
/etc/init.d/httpd start

If it is a cPanel server, restart the cPanel service as well. I recommend a stop and start rather than a restart. :-)

/etc/init.d/cpanel stop
/etc/init.d/cpanel start

Different communities have already released updates.

Debian: http://www.debian.org/security/2014/dsa-2896
Ubuntu: http://www.ubuntu.com/usn/usn-2165-1/
Fedora: https://lists.fedoraproject.org/pipermail/announce/2014-April/003206.html
CentOS: http://lists.centos.org/pipermail/centos-announce/2014-April/020249.html

If you are using LiteSpeed, upgrade LiteSpeed as well: http://blog.litespeedtech.com/2014/04/08/litespeed-security-patch-to-fix-heartbleed-bug-in-openssl/

Thanks. :-)

Sr. Linux Server Admin, Infopark, Cochin, Kerala. Contact me : arun(at)crybit.com

2 Comments to [Solved] Open SSL Heartbleed vulnerability – A complete check and fix

  1. Manikandan Subramanian

    How to fix the OpenSSL Heartbleed bug on Windows servers?
    Is OpenSSL not part of the Windows operating system?
    If I am incorrect, please correct me.
    If it is related to Windows servers, please suggest how to update to the latest version on Windows OS.
