Do You Have Heartbleed Vulnerability Issues?

heartbleed-bug-graphic-350px

There has been a recent flood of questions and concerns relating to the Heartbleed Bug and your vulnerability to the cyber threat. Not everyone is directly affected by the recent threat but it raises the question of who is affected and how to make sure that you’re in the clear for any potential exposures.

Who is affected?

Customers running the OpenSSL project on their server could be affected by the recently discovered vulnerability.  The threat has been identified in the OpenSSL project affecting versions 1.0.1 and 1.0.2 (CVE-2014-0160). Clients that are running Linux and are using SSL could be affected by this issue and should upgrade to a patched version as soon as possible. Any services using OpenSSL libraries must be restarted after applying any patch/fix.

Where is the Patch Available?

A patch is available for all major distributions of OpenSSL.

Please refer to the links below to find the appropriate patch for your system.

Ubuntu: http://www.ubuntu.com/usn/usn-2165-1/

Fedora: https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

RHEL: https://rhn.redhat.com/errata/RHSA-2014-0376.html

CentOS: http://www.spinics.net/lists/centos-announce/msg04910.html

Debian: https://security-tracker.debian.org/tracker/CVE-2014-0160

Taking Action

Caronet is posting this notice to our customers and our readers as a courtesy, so that you may patch potentially affected systems.  If you need assistance in applying or updating the OpenSSL libraries, please contact support@carohosting.com.

FAQ

Are Windows Servers affected by this vulnerability?

No, Windows Systems using standard IIS are not affected by this vulnerability.

Can Caronet assist me with applying this patch/fix?

Yes, if you need support please contact support@carohosting.com.

Is there a place where I can read more information about this vulnerability?

Yes, please visit the links below.

Heartbleed Bug: http://heartbleed.com

SANS ISC: https://isc.sans.edu/forums/diary/OpenSSL+CVE-2014-0160+Fixed/17917

Share this Blog Post
Share on Facebook0Share on Google+0Share on LinkedIn5Tweet about this on Twitter0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>