Heart Bleed Bug – OpenSSL

A massive vulnerability has been found in OpenSSL, the open-source software package widely used to encrypt Web communications. The flaw allows attackers to steal information that is normally protected by SSL/TLS encryption (web applications, e-mail, instant messaging, VPNs, etc.).

Essentially, that means a lot of Internet users are affected and passwords and credit card information could be available to hackers.

CentOS has released updated OpenSSL packages, which should fix this issue. Update the package and restart the web server so that it loads the patched library:

# yum update openssl
# service httpd restart
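
Any daemon that is not restarted after the update keeps the old library mapped in memory. The script below is an added example, not part of the original post: it lists processes that still map a replaced libssl/libcrypto file by reading /proc/PID/maps. The helper names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). stale_ssl_procs and
# make_sample_proc are hypothetical helper names.

# Print "PID NAME LIBRARY" for every process under PROC_ROOT (default /proc)
# that still maps a libssl/libcrypto file which has been replaced on disk.
# The kernel tags such mappings "(deleted)" in /proc/PID/maps.
stale_ssl_procs() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}
        pid=${dir##*/}
        name=$(cat "$dir/comm" 2>/dev/null) || name=
        # Field 6 is the mapped path; report each library once per process.
        awk -v pid="$pid" -v name="${name:-?}" '
            $0 ~ "/lib(ssl|crypto)[^/]*[.]so[^/]* [(]deleted[)]$" {
                if (!($6 in seen)) { seen[$6] = 1; print pid, name, $6 }
            }' "$maps" 2>/dev/null
    done
}

# Constructed sample tree: PID 1201 was started before the update and never
# restarted; PID 1344 was restarted and maps the new file.
make_sample_proc() {
    mkdir -p "$1/1201" "$1/1344"
    echo httpd > "$1/1201/comm"
    echo sshd > "$1/1344/comm"
    cat > "$1/1201/maps" <<'EOF'
7f3a10000000-7f3a10061000 r-xp 00000000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a10061000-7f3a10261000 ---p 00061000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a10400000-7f3a105b5000 r-xp 00000000 fd:00 393299 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a10800000-7f3a1098a000 r-xp 00000000 fd:00 393210 /lib64/libc-2.12.so
EOF
    cat > "$1/1344/maps" <<'EOF'
7f9b20000000-7f9b20061000 r-xp 00000000 fd:00 401122 /usr/lib64/libssl.so.1.0.1e
7f9b20400000-7f9b205b5000 r-xp 00000000 fd:00 401120 /usr/lib64/libcrypto.so.1.0.1e
EOF
}

# Scan the live system (run as root to see every process).
stale_ssl_procs "${1:-/proc}"
```

Every process it prints needs a restart before the fix takes effect for that service.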

For more information:
http://www.exploit-db.com/exploits/32745/
http://heartbleed.com/

3 thoughts on “Heart Bleed Bug – OpenSSL”

  1. If OpenSSL 1.0.1g fixes this, and mine reports v 1.0.1e-fips after updates, am I vulnerable?

  2. Test it with the Python script I posted in the post. Also, keep in mind that popular distros very often apply security patches to older versions of packages, so you can easily update from official repos.

  3. Thank you; indeed it is updated by patch, not version upgrade. I was a bit swift in posting but also found that restarting services is also required (webmin).
