Protect your Server Against the Heartbleed OpenSSL Vulnerability

Update your System

PLEASE NOTICE: Back up your whole system before big updates!

Ubuntu and Debian

sudo apt-get update
sudo apt-get dist-upgrade

CentOS and Fedora

yum update

After the upgrade, restart every service that links against OpenSSL (web, mail and VPN servers and so on), or reboot, so that the patched library is actually loaded.

Checking your Version Numbers

Debian and Ubuntu Releases and Fix Versions

dpkg -l | grep "openssl"
  • Ubuntu 10.04: Unaffected (Shipped with older version prior to vulnerability)
  • Ubuntu 12.04: 1.0.1-4ubuntu5.12
  • Ubuntu 12.10: 1.0.1c-3ubuntu2.7
  • Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
  • Ubuntu 13.10: 1.0.1e-3ubuntu1.2
  • Debian 6 (Squeeze): Unaffected (Shipped with older version prior to vulnerability)
  • Debian 7 (Wheezy): 1.0.1e-2+deb7u6
  • Debian testing (Jessie): 1.0.1g-1
  • Debian unstable (Sid): 1.0.1g-1

If you are using Ubuntu 13.04 it is HIGHLY RECOMMENDED that you upgrade your release, since it no longer receives security updates.
PLEASE NOTICE: Back up your whole system before big updates!
Check your OpenSSL version:
dpkg -l | grep "openssl"

Check your Ubuntu version:
lsb_release -a

root@localhost:~# dpkg -l | grep "openssl"
ii libcurl4-openssl-dev 7.29.0-1ubuntu3.4 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libgnutls-openssl27:amd64 2.12.23-1ubuntu1.1 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1c-4ubuntu8.2 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring

CentOS and Fedora Releases and Fix Versions

rpm -q -a | grep "openssl"
  • CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
  • CentOS 6: openssl-1.0.1e-16.el6.5.7
  • Fedora 17: Unaffected (Shipped with older version prior to vulnerability)
  • Fedora 19: openssl-1.0.1e-37.fc19.1

If your Fedora OpenSSL version number doesn't end in .1, you are vulnerable!


Check your OpenSSL version:
rpm -q -a | grep "openssl"

Check your CentOS or Fedora version:
cat /etc/redhat-release

[root@stream4 ~]# rpm -q -a | grep "openssl"
openssl-1.0.1e-16.el6_5.4.x86_64
[root@stream4 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
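As an added example (not part of the original post), the version checks above for both Debian/Ubuntu and CentOS/Fedora folded into one shell script that compares the installed openssl package against the fix versions in the lists. It assumes GNU coreutils sort -V for version ordering and normalises the el6_5.x release suffix that rpm prints (as in the sample output) to the dotted form used in the list.

```shell
# Added example, not from the original post: classify an installed OpenSSL
# package against the Heartbleed fix versions listed above (assumes GNU sort -V).

# Fix version for a release key, or the keyword "unaffected" / "eol".
# The post writes the CentOS 6 release as el6.5.7 while rpm prints el6_5.x,
# so bare_version() turns underscores into dots before comparing.
fix_version() {
    case "$1" in
        ubuntu-10.04|debian-6|centos-5|fedora-17) echo unaffected ;;
        ubuntu-12.04) echo 1.0.1-4ubuntu5.12 ;;
        ubuntu-12.10) echo 1.0.1c-3ubuntu2.7 ;;
        ubuntu-13.04) echo eol ;;
        ubuntu-13.10) echo 1.0.1e-3ubuntu1.2 ;;
        debian-7)     echo 1.0.1e-2+deb7u6 ;;
        debian-jessie|debian-sid) echo 1.0.1g-1 ;;
        centos-6)     echo 1.0.1e-16.el6.5.7 ;;
        fedora-19)    echo 1.0.1e-37.fc19.1 ;;
        *) return 1 ;;
    esac
}

# Exit 0 when version $1 sorts at or after version $2.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Reduce an rpm name such as openssl-1.0.1e-16.el6_5.4.x86_64 to the bare
# version-release; dpkg versions pass through unchanged.
bare_version() {
    v=${1#openssl-}; v=${v%.x86_64}; v=${v%.i686}; v=${v%.noarch}
    printf '%s\n' "$v" | tr '_' '.'
}

# Pick the "openssl" package itself out of `dpkg -l` output on stdin;
# grep "openssl" also matches libcurl4-openssl-dev and libgnutls-openssl27.
dpkg_openssl_version() {
    awk '$1 == "ii" && $2 == "openssl" { print $3 }'
}

# Prints unaffected / eol / patched / vulnerable / unknown.
# Usage: heartbleed_status ubuntu-12.04 "$(dpkg -l | dpkg_openssl_version)"
heartbleed_status() {
    fix=$(fix_version "$1") || { echo unknown; return 1; }
    case "$fix" in
        unaffected|eol) echo "$fix" ;;
        *) if version_ge "$(bare_version "$2")" "$(bare_version "$fix")"; then
               echo patched; else echo vulnerable; fi ;;
    esac
}
```

On CentOS the second argument can come straight from `rpm -q openssl`.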


Revoking and Reissuing your SSL Certs/Keys

  • Regenerate your certificate using a new private key: the old key may have been read out of server memory while the vulnerable OpenSSL was in use.
  • Create the new key, then either create the certificate yourself or send a CSR to your certificate authority to issue the new certificate.
  • Replace the old certificate and key, revoke the old certificate with your CA, and start using the new ones.


Read more at https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability

USN-2165-1: OpenSSL vulnerabilities
http://www.ubuntu.com/usn/usn-2165-1/

Red Hat Announce
https://www.redhat.com/archives/rhsa-announce/2014-April/msg00017.html

Red Hat Updated packages
https://rhn.redhat.com/errata/RHSA-2014-0376.html
