How to Fix Heartbleed Vulnerability in CentOS 6.x

Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

It allows an attacker to read 64-kilobyte chunks of memory from servers and clients that connect using SSL, through a flaw in OpenSSL's implementation of the heartbeat extension.

The 64K is enough to steal passwords and server certificate private keys – information that can be used to let malicious services masquerade as genuine ones.

If you have an affected server, use the command yum update to update the openssl package, then reboot the system.

Must do:

It is recommended that you regenerate all SSH keys and reset all passwords across the affected server.
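
A process started before the update keeps the old library file mapped until it is restarted, which is why the update is followed by a reboot. The script below is an added example, not part of the original post, that lists processes still mapping a libssl or libcrypto file that has been replaced on disk. The function names and the optional PROC_ROOT parameter are assumptions of this example.

```bash
#!/bin/bash
# Added example: find processes that still map a libssl/libcrypto file which
# was replaced on disk. The kernel marks such mappings "(deleted)" in
# /proc/<pid>/maps; those processes run the pre-update code until restarted.

# stale_openssl_pids [PROC_ROOT]
#   Prints the PIDs (sorted) whose maps file shows a deleted OpenSSL library.
#   PROC_ROOT defaults to /proc; it is a hypothetical parameter of this
#   example so the function can be pointed at a constructed directory tree.
stale_openssl_pids() {
    local proc_root="${1:-/proc}" maps pid
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we are not allowed to read.
        [ -r "$maps" ] || continue
        pid="${maps%/maps}"
        pid="${pid##*/}"
        # Match a mapped libssl or libcrypto path flagged as deleted.
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            echo "$pid"
        fi
    done | sort -n
}

# report_stale_openssl [PROC_ROOT]
#   Prints one line per affected process; returns 1 if any were found,
#   0 if every process uses the library currently on disk.
report_stale_openssl() {
    local proc_root="${1:-/proc}" pid name found=0
    for pid in $(stale_openssl_pids "$proc_root"); do
        # comm may be missing on some kernels; fall back to "unknown".
        name="$(cat "$proc_root/$pid/comm" 2>/dev/null || echo unknown)"
        echo "PID $pid ($name) still maps the old OpenSSL library"
        found=1
    done
    return "$found"
}

# Usage (as root, so every process is readable):
#   report_stale_openssl && echo "no process uses a replaced OpenSSL library"
```

Run it as root after the update; any PID it reports belongs to a service that must be restarted (or the system rebooted) before the fix takes effect for that service.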

This vulnerability does not affect CentOS 5.x servers using OpenSSL 0.9.8. This older version never contained the Heartbleed vulnerability.

