The Community Forums


OpenSSL vulnerability CVE-2014-0224

Discussion in 'Security' started by RyanH, Jun 5, 2014.

  1. RyanH

    RyanH Registered

    Is there a recommended update path for the CVE-2014-0224 vulnerability in OpenSSL? Unlike Heartbleed it looks like all OpenSSL versions are affected.
     
  2. avibodha

    avibodha Member

  3. quizknows

    quizknows Well-Known Member

    Re: openssl security update, RHSA-2014:0625-1

    I do not believe you need to run EA, someone please correct me if I'm wrong.

    You do, however, need to restart any services using SSL. A lot of times just restarting the server is easier than restarting all the individual services.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Try here:
    WHM > Software > Update System Software
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Threads merged.
     
  6. vikins

    vikins Well-Known Member

    I first did "yum clean all" then I did "yum update openssl" and here is the output:

    Loaded plugins: fastestmirror
    Determining fastest mirrors
    epel/metalink | 12 kB 00:00
    * epel: mirror.cogentco.com
    base | 3.7 kB 00:00
    base/primary_db | 3.5 MB 00:00
    epel | 4.4 kB 00:00
    epel/primary_db | 5.1 MB 00:00
    extras | 3.4 kB 00:00
    extras/primary_db | 18 kB 00:00
    updates | 3.4 kB 00:00
    updates/primary_db | 2.9 MB 00:00
    Setting up Update Process
    No Packages marked for Update


    Notice "No Packages marked for Update". I've tried it on two different CentOS servers, same thing. When I go to that actual mirror it is there:

    Index of /pub/openssl

    I don't understand what is going on, I'm not patched yet!

    yum info openssl:

    Version : 1.0.1e
    Release : 16.el6_5.7

    Why won't it download the new version?
     
  7. vikins

    vikins Well-Known Member

    Found this info:

    /etc/yum.repos.d/CentOS-Base.repo

    Comment out mirrorlist line and uncomment the baseurl line in each stanza.

    Then run:
    yum clean all
    yum update openssl

    Say YES to the prompt. You'll notice the updated version will not be 1.0.1h but a subversion of 1.0.1e, but it will be patched.

    Now, reboot all of your services or just reboot your whole server to be sure.

    Restore CentOS-Base.repo to its previous state.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    I just wanted to note that updates don't always change the version number. You can check to see if the patch has been backported after updating with a command such as:

    Code:
    rpm -q --changelog openssl | grep CVE-2014-0224
    Thank you.
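
The two checks discussed in this thread (the changelog grep and restarting services that use SSL), combined as an added example that is not part of any post above. It lists the PIDs that still map a replaced libssl/libcrypto file, which the kernel marks "(deleted)" in /proc/PID/maps; the function names and sample data are constructed for illustration, and `--live` runs the checks against the real host.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample data are constructed.

# Succeeds if the changelog text on stdin mentions the CVE id given as $1.
changelog_has_cve() {
    grep -q -- "$1"
}

# Reads "PID <maps line>" records on stdin and prints each PID that still maps
# a libssl/libcrypto file replaced on disk (the kernel marks it "(deleted)").
stale_from_maps() {
    awk '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)/ { print $1 }' | sort -un
}

# Prefixes every line of /proc/<pid>/maps with its PID, for stale_from_maps.
collect_maps() {
    for m in /proc/[0-9]*/maps; do
        pid=${m#/proc/}; pid=${pid%/maps}
        sed "s/^/$pid /" "$m" 2>/dev/null   # processes may exit while we read
    done
}

# Constructed sample input so the parsing can be tried offline.
SAMPLE_CHANGELOG='* Thu Jun 05 2014 Packager <packager@example.invalid>
- fix CVE-2014-0224 - constructed changelog entry'
SAMPLE_MAPS='1201 7f3a1c000000-7f3a1c05d000 r-xp 00000000 fd:00 265412 /usr/lib64/libssl.so.1.0.1e (deleted)
1201 7f3a1be00000-7f3a1bfb0000 r-xp 00000000 fd:00 265410 /usr/lib64/libcrypto.so.1.0.1e (deleted)
2307 7f9b44000000-7f9b4405d000 r-xp 00000000 fd:00 270001 /usr/lib64/libssl.so.1.0.1e
3310 7f1d20000000-7f1d20010000 r-xp 00000000 fd:00 100 /usr/lib64/libz.so.1.2.3 (deleted)'

if [ "${1:-}" = "--live" ]; then
    # Same check as the rpm command quoted in the thread.
    if rpm -q --changelog openssl | changelog_has_cve CVE-2014-0224; then
        echo "openssl changelog lists CVE-2014-0224"
    else
        echo "openssl changelog does NOT list CVE-2014-0224"
    fi
    # Any PID printed here loaded the library before the update and needs a restart.
    for pid in $(collect_maps | stale_from_maps); do
        echo "restart needed: pid $pid ($(ps -o comm= -p "$pid"))"
    done
else
    # Offline demo on the constructed sample: only PID 1201 is stale.
    printf '%s\n' "$SAMPLE_MAPS" | stale_from_maps
fi
```

Run it as root with `--live` after `yum update openssl`; an empty "restart needed" list means no running process is still using the pre-update library.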
     