OpenSSL Heartbleed Bug (< 1.0.1g) - Encryption keys at risk

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
The thread you referenced suggests running EasyApache. Do you notice the same OpenSSL version difference in your phpinfo file after running EasyApache?

Thank you.
 

avibodha

Member
Mar 23, 2013
11
1
53
cPanel Access Level
Root Administrator
Re: OpenSSL Heartbleed Bug (&lt; 1.0.1g) - Encryption keys at risk

Yes I did and it has the same version in phpinfo, Open SSL 1.0.0.
yum update has no updates for it either.

- - - Updated - - -

...but I didn't
# rm -rf /opt/curlssl
as the poster suggested...wanted to hear if that would break anything first.

actually just found out that
OpenSSL 1.0.0 branch is NOT vulnerable, so that's OK for now.
 
Last edited:

ravijas

Member
Jul 24, 2014
13
1
3
cPanel Access Level
Root Administrator
Heartbleed-OpenSSL Vulnerability

Hi,

Maldet is showing following warning regarding heartbleed vulnerability.

ATTENTION !! OpenSSL heartbleed vulnerability detected in openssl-1.0.1e-30.el6_5.2.x86_64 package, run 'yum update -y openssl' and restart server immediately!
We have checked it using following cmd.
# rpm -q --changelog openssl | grep CVE-2014-0224
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
So please let us know if there is still any problem with openssl.

More info:

# rpm -qa |grep openssl
openssl-1.0.1e-30.el6_5.2.x86_64
openssl098e-0.9.8e-18.el6_5.2.x86_64
openssl-devel-1.0.1e-30.el6_5.2.x86_64
# arch
x86_64
# cat /etc/redhat-release
CentOS release 6.5 (Final)
Thanks,

RaviJas