Lund University – BioTech
Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.
It allows an attacker to read 64-kilobyte chunks of memory from servers and clients that connect using SSL, through a flaw in OpenSSL's implementation of the heartbeat extension.
The 64K is enough to steal passwords and server certificate private keys – information that can be used to let malicious services masquerade as genuine ones.
If you have an affected server, use the command yum update to update the openssl package, then reboot the system.
Must do:
It is recommended that you regenerate all SSH keys and reset all passwords across the affected server.
This vulnerability does not affect CentOS 5.x servers using OpenSSL 0.9.8. This old version never contained the Heartbleed vulnerability.
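
The version range and the reboot step above, as an added example that is not part of the original page; heartbleed_range and stale_libssl_pids are hypothetical helper names. Distribution packages can carry the fix without changing the upstream version string, so a banner inside the range means the package update should be confirmed, and any PID listed after yum update is a process still running the old library until it is restarted or the system is rebooted.

```shell
#!/bin/sh
# Added example, not from the original page.

# heartbleed_range "<banner>": compare the version in an `openssl version`
# banner (sample: "OpenSSL 1.0.1e-fips 11 Feb 2013") with the range the page
# gives, 1.0.1 through 1.0.1f. Prints affected-range, outside-range or unknown.
heartbleed_range() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        *beta*) echo "unknown" ;;   # pre-releases are not covered by the page
        1.0.1|1.0.1-*|1.0.1[a-f]|1.0.1[a-f]-*) echo "affected-range" ;;
        [0-9]*.[0-9]*.[0-9]*) echo "outside-range" ;;
        *) echo "unknown" ;;
    esac
}

# stale_libssl_pids [procroot]: print PIDs whose memory map still references a
# libssl file that was replaced on disk. The kernel marks such mappings
# "(deleted)"; those processes keep running the old library until restarted.
stale_libssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libssl.*(deleted)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

if command -v openssl >/dev/null 2>&1; then
    echo "local OpenSSL: $(heartbleed_range "$(openssl version 2>/dev/null)")"
fi
echo "PIDs still mapping a replaced libssl: $(stale_libssl_pids | tr '\n' ' ')"
```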