Please note the following versions of OpenSSL:
- OpenSSL 1.0.1 through to 1.0.1f (inclusive) is vulnerable
- OpenSSL 1.0.1g is NOT vulnerable
- OpenSSL 1.0.0 is NOT vulnerable
- OpenSSL 0.9.8 is NOT vulnerable
To check whether your server is vulnerable, on CentOS / Red Hat, run:
rpm -qa 'openssl*'
Or
yum info openssl | egrep "Package|Version|Release"
On Ubuntu Server:
dpkg -l | grep openssl
(On Ubuntu, ensure the version returned matches the ones mentioned here.)
You can patch / upgrade the openssl version yourself. Just run the commands below that match your server type.
# For the Linux cPanel server:
- yum update openssl -y
- for service in sshd pure-ftpd httpd exim cpanel courier-imap ; do /etc/init.d/$service restart; done
- /etc/init.d/httpd stop;/etc/init.d/httpd startssl
# For the Linux Plesk server:
- yum update openssl -y
- /etc/init.d/psa stopall
- /etc/init.d/psa startall
- /etc/init.d/psa restart
# For the Linux plain server:
- yum update openssl -y
- Just restart all SSL-enabled services or reboot the system.
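Updating the package does not change what a running process has loaded: a service that was not restarted keeps the old libssl mapped in memory. The following added example (not part of the original advisory) lists such processes by scanning /proc/<pid>/maps for libssl/libcrypto mappings marked as deleted; the function name, the PROC_ROOT parameter and the sample tree are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not from the original advisory.
# Finds processes that still map a libssl/libcrypto file that has been
# replaced on disk (for example by "yum update openssl") and so still run
# the old library code until they are restarted.

# list_stale_ssl_pids [PROC_ROOT]
# Prints "PID NAME LIBRARY" for every process whose maps file contains a
# deleted libssl or libcrypto mapping. PROC_ROOT defaults to /proc; the
# parameter (an assumption of this example) allows a constructed sample tree.
list_stale_ssl_pids() {
    local root="${1:-/proc}" dir pid name lib
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        pid="${dir##*/}"
        # Field 6 of a maps line is the backing file; the kernel appends
        # " (deleted)" once that file has been unlinked or replaced.
        lib=$(awk '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$/ { print $6; exit }' \
              "$dir/maps" 2>/dev/null) || continue
        [ -n "$lib" ] || continue
        name=$(cat "$dir/comm" 2>/dev/null || echo '?')
        echo "$pid $name $lib"
    done
}

# Constructed sample tree standing in for /proc (PIDs and addresses made up):
# httpd was not restarted after the update, sshd was.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/1201" "$demo/1350"
echo httpd > "$demo/1201/comm"
echo '7f3a1c000000-7f3a1c061000 r-xp 00000000 fd:00 393301 /usr/lib64/libssl.so.1.0.1e (deleted)' \
    > "$demo/1201/maps"
echo sshd > "$demo/1350/comm"
echo '7f9b2e000000-7f9b2e1b0000 r-xp 00000000 fd:00 393377 /usr/lib64/libcrypto.so.1.0.1e' \
    > "$demo/1350/maps"

list_stale_ssl_pids "$demo"
```

Run list_stale_ssl_pids with no argument as root to scan the live /proc; every process it lists still needs a restart.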
In the interest of customer security, we strongly advise changing your cPanel/WHM password and the account password for the hosting billing area.