Might wanna recompile or patch that OpenSSL, buddy (4/7/2014)

texteditor

Premium Buffalo-based Hosting

eva2000

Active Member
CentOS updated openssl is available now according to https://rhn.redhat.com/errata/RHSA-2014-0376.html

Code:
yum list openssl openssl-devel -q
Installed Packages
openssl.x86_64                                                             1.0.1e-16.el6_5.4                                                       @updates
openssl-devel.x86_64                                                       1.0.1e-16.el6_5.4                                                       @updates
Available Packages
openssl.x86_64                                                             1.0.1e-16.el6_5.7                                                       updates 
openssl-devel.x86_64                                                       1.0.1e-16.el6_5.7                                                       updates
 

Ishaq

New Member
Verified Provider
By the way, OpenSSH is NOT vulnerable to this. Because it does not use the TLS protocol. So you don't need to worry about changing keypairs, etc.
 

DomainBop

Dormant VPSB Pathogen
After updating the OpenSSL package, check which services are using the old OpenSSL libraries with 'lsof -n | grep ssl | grep DEL' - then restart as needed.
I think that bears repeating. :)  Also, if you have an OpenVZ VPS, depending on the kernel version, that command may not give any output and so you may have to run just "lsof -n | grep ssl" and restart anything that uses SSL to be on the safe side (or you could just reboot...)

On another note, I just discovered that lsof wasn't installed on my Vultr Tokyo VPS (fixed by apt-get lsof)
 
Last edited by a moderator:

Magiobiwan

Insert Witty Statement Here
Verified Provider
FYI, CentOS 6.5 will still have the version "e" version string, but it WAS Backported. 
 

jarland

The ocean is digital
Got the update today. Apparently the guide+script I linked before doesn't fix it, I just got false negatives from that test site and I'm not ashamed to say I couldn't test this exploit if my life depended on it. Yum update it is!
 
Top