by Bas

Major Vulnerability found in OpenSSL - Update required

This morning a vulnerability in OpenSSL was disclosed, which allows secure connections to be intercepted.

The OpenSSL package is used for setting up encrypted connections such as SSL and TLS. You may know these connections as SSH connections to your server or the encrypted HTTPS connections in your browser, indicated by a green lock icon. OpenSSL is used for secure connections in the major open source web servers (Apache and nginx), mail servers (SMTP, POP and IMAP protocols) and many other applications.

Today a vulnerability called the Heartbleed Bug was disclosed which allows malicious parties to eavesdrop on your encrypted connection, making the encryption ineffective. This also means that transmitted passwords can be captured.

As of now all current operating systems have received updated packages, so we urge you to install the updates as soon as possible.

What you should do

In order to close the vulnerability and make your connections safe again, the OpenSSL packages must be updated. We will do this today for our Service Level 2 and 3 customers. Service Level 1 customers can follow the instructions below.

We also recommend replacing all certificates that are used to protect sensitive data, since their private keys may have been exposed. We can do this for free for Service Level 2 and 3 customers; for Service Level 1 customers our usual rate applies.

The actions required on the server depend on the distribution that is used; the most common ones are listed below:

Ubuntu 12.04/12.10/13.04/13.10 and Debian 7

For Ubuntu 12.04/12.10/13.04/13.10 (with or without Plesk) and Debian 7 (with or without Plesk) take the following steps.

# Run as root (or prefix each command with sudo).
$ apt-get update
# On these releases the shared library package is named libssl1.0.0, not "libssl".
$ apt-get install openssl libssl1.0.0

After executing these commands all services which use OpenSSL must be restarted, such as web servers like Apache and Nginx and mail servers like Exim and Postfix. To make absolutely sure every affected service is restarted we advise you to restart the entire server. Please note that there is a chance your server will perform a filesystem check upon rebooting.


CentOS 6 (with or without Plesk)

$ yum install openssl openssl-devel

After executing this command all services which use OpenSSL must be restarted, such as web servers like Apache and Nginx and mail servers like Exim and Postfix. To make absolutely sure every affected service is restarted we advise you to restart the entire server. Please note that there is a chance your server will perform a filesystem check upon rebooting.


CentOS 6.x with DirectAdmin

With DirectAdmin the update takes two steps: install the new OpenSSL libraries and recompile the installation. Please note that the recompile takes some time depending on the number of components you have activated.

$ yum install openssl openssl-devel
$ cd /usr/local/directadmin/custombuild/
$ ./build clean
$ ./build update
$ ./build apache
$ ./build php n
$ ./build dovecot
$ ./build rewrite_confs

All services will be automatically restarted where required. Please note it is still advisable to restart the entire server; when restarting there is a chance your server will perform a filesystem check upon rebooting.

CentOS 6.x with cPanel

For these servers one can use the web interface; command-line access to the server is not required.

1. Log on to WHM
2. Update Server Software
3. Update System software
4. Go to EasyApache > Previously Saved Config > Build profile now

This will update any software that requires or uses OpenSSL to a safe version.

All services will be automatically restarted where required. Please note it is still advisable to restart the entire server; when restarting there is a chance your server will perform a filesystem check upon rebooting.
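Every section above ends with the same requirement: after the package update, anything still running the old library must be restarted. The script below is an added example, not part of the original post, that lists exactly those processes by looking for OpenSSL libraries the kernel marks "(deleted)" in /proc/PID/maps (the file on disk was replaced, but the running process still maps the old copy). It assumes a Linux /proc filesystem; run it as root so every process can be inspected.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that still map
# the pre-update libssl/libcrypto and therefore still need a restart.
# Assumes Linux /proc; other users' maps files are unreadable without root
# and are skipped silently.

# Read one /proc/PID/maps on stdin; print the first stale OpenSSL library path
# found, or nothing if the process already uses the updated library.
# The library file name is the same before and after the update, so the
# "(deleted)" marker, not the name, is what identifies the old copy.
stale_openssl_lib() {
    awk '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$/ { print $6; exit }'
}

# Walk all processes and print "PID  stale-library  command" for each one
# that still needs a restart.
list_processes_needing_restart() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        lib=$(cat "$maps" 2>/dev/null | stale_openssl_lib)
        [ -n "$lib" ] || continue
        cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null | cut -c1-60)
        printf '%s  %s  %s\n' "$pid" "$lib" "$cmd"
    done
}

# Constructed samples (not captured from a real host) of what a maps file may
# contain for a service started before the update (stale) and after it (fresh).
SAMPLE_STALE='7f3a1c200000-7f3a1c26a000 r-xp 00000000 fd:01 131072 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a1c400000-7f3a1c45c000 r-xp 00000000 fd:01 131073 /usr/lib64/libssl.so.1.0.1e (deleted)'
SAMPLE_FRESH='7f3a1c200000-7f3a1c26a000 r-xp 00000000 fd:01 262144 /usr/lib64/libcrypto.so.1.0.1e
7f3a1c400000-7f3a1c45c000 r-xp 00000000 fd:01 262145 /usr/lib64/libssl.so.1.0.1e'

printf 'stale sample -> %s\n' "$(printf '%s\n' "$SAMPLE_STALE" | stale_openssl_lib)"
printf 'fresh sample -> %s\n' "$(printf '%s\n' "$SAMPLE_FRESH" | stale_openssl_lib)"
echo 'Processes on this host still using the old OpenSSL libraries:'
list_processes_needing_restart
```

An empty list after the update means no running service is still using the old library; a full reboot, as advised above, reaches the same state without inspecting each process.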


Should you have any questions relating to this article, please send them to support@cloudvps.com. We will answer any and all questions as soon as possible.
