
How to Fix Heartbleed Vulnerability in CentOS 6.x

April 11, 2014

Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

It allows an attacker to read 64-kilobyte chunks of memory from servers and clients that connect using SSL, through a flaw in OpenSSL’s implementation of the heartbeat extension.

The 64K is enough to steal passwords and server certificate private keys – information that can be used to let malicious services masquerade as genuine ones.

If you have an affected server, run the command yum update to update the openssl package, then reboot the system.
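The reboot matters because running services keep the old library mapped in memory until they restart. As an added example (not part of the original post), this script lists processes that still map a replaced libssl or libcrypto by reading /proc/PID/maps; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still using the pre-update OpenSSL libraries.
# The optional first argument (a /proc-like directory) is a hypothetical
# override so the check can be exercised on constructed data.

# Print one "PID library-path" line per process that maps a replaced library.
stale_openssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=$(basename "$(dirname "$maps")")
        # maps format: address perms offset dev inode pathname [(deleted)]
        awk -v pid="$pid" '
            /\(deleted\)$/ && $6 ~ /\/lib(ssl|crypto)\.so/ && !seen[$6]++ {
                print pid, $6
            }' "$maps" 2>/dev/null
    done
}

# Build a constructed /proc-like tree: PID 101 started before the update,
# PID 202 started after it. Paths, addresses and inodes are made up.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    cat > "$root/101/maps" <<'EOF'
7f1c00000000-7f1c00062000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c00262000-7f1c00266000 r--p 00062000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)
7f1c00400000-7f1c005b5000 r-xp 00000000 fd:00 1310 /usr/lib64/libcrypto.so.1.0.1e (deleted)
EOF
    cat > "$root/202/maps" <<'EOF'
7f2d00000000-7f2d00062000 r-xp 00000000 fd:00 2411 /usr/lib64/libssl.so.1.0.1e
7f2d00400000-7f2d005b5000 r-xp 00000000 fd:00 2410 /usr/lib64/libcrypto.so.1.0.1e
EOF
    echo "$root"
}

# Demo on the constructed tree; on a real host run stale_openssl_procs as root.
sample=$(make_sample_proc)
stale_openssl_procs "$sample"
rm -rf "$sample"
```

An empty result on a real host after the update means no running process still has the replaced library loaded.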

Must do:

It is recommended that you regenerate all SSH keys and reset all passwords across the affected server.

Note:
This vulnerability does not affect CentOS 5.x servers using OpenSSL 0.9.8. That older version never contained the Heartbleed vulnerability.
