Might wanna recompile or patch that OpenSSL, buddy (4/7/2014)


Premium Buffalo-based Hosting


Active Member
CentOS updated openssl is available now according to

yum list openssl openssl-devel -q
Installed Packages
openssl.x86_64                                                             1.0.1e-16.el6_5.4                                                       @updates
openssl-devel.x86_64                                                       1.0.1e-16.el6_5.4                                                       @updates
Available Packages
openssl.x86_64                                                             1.0.1e-16.el6_5.7                                                       updates 
openssl-devel.x86_64                                                       1.0.1e-16.el6_5.7                                                       updates


New Member
Verified Provider
By the way, OpenSSH is NOT vulnerable to this, because it does not use the TLS protocol. So you don't need to worry about changing keypairs, etc.


Dormant VPSB Pathogen
After updating the OpenSSL package, check which services are using the old OpenSSL libraries with 'lsof -n | grep ssl | grep DEL' - then restart as needed.
I think that bears repeating. :)  Also, if you have an OpenVZ VPS, depending on the kernel version, that command may not give any output and so you may have to run just "lsof -n | grep ssl" and restart anything that uses SSL to be on the safe side (or you could just reboot...)

On another note, I just discovered that lsof wasn't installed on my Vultr Tokyo VPS (fixed by apt-get lsof)
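The check described in the post above, as an added example that is not part of the original thread: it reads /proc/<pid>/maps directly, so it also works where lsof is not installed. It assumes a Linux /proc; the function names and the sample maps lines are constructed for illustration, and the "all" mode mirrors the broader "grep ssl" fallback.

```shell
#!/bin/sh
# Added example: list processes that still map an OpenSSL library which was
# replaced on disk by the package update (shown as "(deleted)" in /proc maps).

# ssl_libs_in_maps FILE [all]
# FILE is a /proc/<pid>/maps-style file ("-" for stdin). Prints each distinct
# libssl/libcrypto path marked "(deleted)"; with "all", prints every mapped
# libssl/libcrypto path (the fallback when deletions are not reported).
ssl_libs_in_maps() {
    awk -v all="${2:-}" '{
        deleted = ($NF == "(deleted)")
        path = deleted ? $(NF-1) : $NF
        suffix = deleted ? " (deleted)" : ""
        if (path ~ "/lib(ssl|crypto)[^/]*[.]so" && (deleted || all == "all"))
            print path suffix
    }' "$1" 2>/dev/null | sort -u
}

# scan_procs [all]: print "PID<TAB>COMMAND<TAB>LIBRARY" for every hit.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null)
        ssl_libs_in_maps "$maps" "${1:-}" | while IFS= read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "$name" "$lib"
        done
    done
}

# Constructed sample of one process's maps after the update (not real output).
sample_maps() {
    cat <<'EOF'
7f3c1a200000-7f3c1a25e000 r-xp 00000000 fd:01 131234 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3c1a45e000-7f3c1a462000 r--p 0005e000 fd:01 131234 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3c19e00000-7f3c19fb5000 r-xp 00000000 fd:01 131230 /usr/lib64/libcrypto.so.1.0.1e
7f3c1b000000-7f3c1b18a000 r-xp 00000000 fd:01 130001 /lib64/libc-2.12.so
7f3c1b400000-7f3c1b401000 rw-p 00000000 00:00 0
EOF
}

# Usage: sh stale-ssl.sh scan [all]   (run as root to see every process)
case "${1:-}" in
    scan) scan_procs "${2:-}" ;;
esac
```

Any process listed by `scan` is still running the pre-update library and needs a restart; `sample_maps | ssl_libs_in_maps -` shows the parsing on the constructed input.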


Insert Witty Statement Here
Verified Provider
FYI, CentOS 6.5 will still have the "e" version string, but it WAS backported.


The ocean is digital
Got the update today. Apparently the guide+script I linked before doesn't fix it, I just got false negatives from that test site and I'm not ashamed to say I couldn't test this exploit if my life depended on it. Yum update it is!