OpenSSL vulnerability CVE-2014-0224

Discussion in 'Security' started by RyanH, Jun 5, 2014.

  1. RyanH

    RyanH Registered

    Is there a recommended update path for the CVE-2014-0224 vulnerability in OpenSSL? Unlike Heartbleed it looks like all OpenSSL versions are affected.
     
  2. avibodha

    avibodha Member

  3. quizknows

    quizknows Well-Known Member

    Re: openssl security update, RHSA-2014:0625-1

    I do not believe you need to run EA, someone please correct me if I'm wrong.

    You do, however, need to restart any services using SSL. A lot of times just restarting the server is easier than restarting all the individual services.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Try here:
    WHM > Software > Update System Software
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Threads merged.
     
  6. vikins

    vikins Well-Known Member

    I first did "yum clean all" then I did "yum update openssl" and here is the output:

    Loaded plugins: fastestmirror
    Determining fastest mirrors
    epel/metalink | 12 kB 00:00
    * epel: mirror.cogentco.com
    base | 3.7 kB 00:00
    base/primary_db | 3.5 MB 00:00
    epel | 4.4 kB 00:00
    epel/primary_db | 5.1 MB 00:00
    extras | 3.4 kB 00:00
    extras/primary_db | 18 kB 00:00
    updates | 3.4 kB 00:00
    updates/primary_db | 2.9 MB 00:00
    Setting up Update Process
    No Packages marked for Update


    Notice "No Packages marked for Update". I've tried it on two different CentOS servers, same thing. When I go to that actual mirror it is there:

    Index of /pub/openssl

    I don't understand what is going on, I'm not patched yet!

    yum info openssl:

    Version : 1.0.1e
    Release : 16.el6_5.7

    Why won't it download the new version?
     
  7. vikins

    vikins Well-Known Member

    Found this info:

    /etc/yum.repos.d/CentOS-Base.repo

    Comment out mirrorlist line and uncomment the baseurl line in each stanza.

    Then run:
    yum clean all
    yum update openssl

    Say YES to the prompt. You'll notice the updated version will not be 1.0.1h but a subversion of 1.0.1e, but it will be patched.

    Now, reboot all of your services or just reboot your whole server to be sure.

    Restore CentOS-Base.repo to its previous state.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello :)

    I just wanted to note that updates don't always change the version number. You can check to see if the patch has been backported after updating with a command such as:

    Code:
    rpm -q --changelog openssl | grep CVE-2014-0224
    Thank you.
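
The two post-update checks raised in this thread (the changelog grep, and restarting services that still use the old SSL library), combined in one script. This is an added example, not part of any post above and not cPanel's code; the function names, the `--live` switch, the sample changelog entry and the sample `/proc` tree are all constructed for illustration, and it assumes a Linux `/proc` layout.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Succeed if the changelog text on stdin mentions the CVE id given in $1.
# Live use: rpm -q --changelog openssl | changelog_has_cve CVE-2014-0224
changelog_has_cve() {
    grep -q -- "$1"
}

# Print the PIDs under proc root $1 (default /proc) that still map a
# libssl/libcrypto file which has been replaced on disk. Linux marks such
# mappings "(deleted)"; those processes run the old code until restarted.
stale_ssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            printf '%s\n' "${pid##*/}"
        fi
    done
}

# Constructed changelog excerpt (placeholder release and packager).
SAMPLE_CHANGELOG='* Mon Jun 02 2014 Example Packager <pkg@example.com> 1.0.1e-EXAMPLE
- fix CVE-2014-0224 - constructed sample entry'

# Build a constructed /proc-like tree: PID 101 still maps the replaced
# library, PID 202 was restarted and maps the file now on disk.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/101" "$d/202"
    echo '7f10a0000000-7f10a0060000 r-xp 00000000 fd:00 1311 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$d/101/maps"
    echo '7f20b0000000-7f20b0060000 r-xp 00000000 fd:00 1422 /usr/lib64/libssl.so.1.0.1e' > "$d/202/maps"
    echo "$d"
}

# Run against the real system only when asked: sh check.sh --live (as root)
if [ "${1:-}" = "--live" ]; then
    if rpm -q --changelog openssl | changelog_has_cve CVE-2014-0224; then
        echo "changelog lists CVE-2014-0224"
    else
        echo "changelog does NOT list CVE-2014-0224"
    fi
    echo "PIDs still using the replaced library (restart these):"
    stale_ssl_pids /proc
fi
```

An empty PID list after the restarts means no running process is still holding the pre-update library; reading other users' `maps` files requires root.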
     