A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal information that is normally protected by SSL/TLS encryption (web applications, e-mail, instant messaging, VPNs, etc.).
Essentially, that means a lot of Internet users are affected and passwords and credit card information could be available to hackers.
CentOS has released updated OpenSSL packages which should fix this issue:
# yum update openssl
# service httpd restart
For more information:
http://www.exploit-db.com/exploits/32745/
http://heartbleed.com/
If OpenSSL 1.0.1g fixes this, and mine reports v 1.0.1e-fips after updates, am I vulnerable?
Test it with the Python script I posted in the post. Also, keep in mind that popular distros very often apply security patches to older versions of packages so you can easily update from official repos.
Thank you; indeed it is updated by patch, not version upgrade. I was a bit swift in posting but also found that restarting services is also required (webmin).
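The point raised in the last comment, that services must be restarted after the package update, can be checked directly. The shell function below is an added example, not part of the original post or its comments; it assumes a Linux /proc filesystem, and the function name is hypothetical. It lists processes that still map the replaced libssl/libcrypto file, which /proc/PID/maps marks as "(deleted)".

```shell
#!/bin/sh
# stale_openssl_procs [PROC_ROOT]
# Prints "PID NAME LIBRARY" for every process that still has an old copy of
# libssl or libcrypto mapped after the file was replaced on disk.
# PROC_ROOT defaults to /proc; it is a parameter only so the check can be
# exercised against a constructed directory tree.
stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we may not inspect.
        [ -r "$maps" ] || continue
        pid_dir="${maps%/maps}"
        pid="${pid_dir##*/}"
        # Process name from the "Name:" line of /proc/PID/status.
        name=$(awk '/^Name:/ { print $2; exit }' "$pid_dir/status" 2>/dev/null) || name='?'
        [ -n "$name" ] || name='?'
        # maps columns: address perms offset dev inode pathname [(deleted)]
        awk -v pid="$pid" -v name="$name" '
            NF >= 7 && $NF == "(deleted)" {
                n = split($6, part, "/")
                # Match on the file name only, one line per library.
                if (part[n] ~ /^lib(ssl|crypto)\.so/ && !seen[$6]++)
                    print pid, name, $6
            }' "$maps" 2>/dev/null
    done
    return 0
}

# Stand-alone use: scan the live system (or a root given as first argument).
stale_openssl_procs "${1:-/proc}"
```

Run it as root so every process's maps file is readable; each service it lists is still running the pre-update library and needs a restart.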