Questions tagged [heartbleed]

The Heartbleed bug is a vulnerability in OpenSSL's TLS implementation. The CVE ID for this issue is CVE-2014-0160.

The Heartbleed vulnerability allows an attacker to steal information that is protected by SSL/TLS encryption, and can potentially disclose private keys.

Any application using OpenSSL for its TLS implementation is potentially vulnerable, which means there is a large variety of vulnerable applications, such as web browsers, email clients and instant messaging software.

See http://heartbleed.com or CVE-2014-0160 for more information.

63 questions
1
vote
1 answer

Can't upgrade Ubuntu 12.04.4 LTS to fix Heartbleed - Errors with nagios-nrpe-server and bind9

Can anyone help? I am trying to upgrade but I get error messages about nagios-nrpe-server and bind. Here is the console output: >apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done 0 to…
Nick Weavers
1
vote
1 answer

How to disable SSL-VPN on FortiOS 5.0

Heartbleed issue. Must disable SSL-VPN. I wasn't able to find it in the GUI. Might there happen to be a CLI command?
JustAGuy
1
vote
2 answers

Is ISC BIND unaffected with OpenSSL Heartbleed bug?

There is a bug, Heartbleed, in OpenSSL. I built ISC BIND 9.9.5 with OpenSSL 1.0.1e enabled. Should I rebuild BIND with OpenSSL 1.0.1g?
Tuan
1
vote
2 answers

How do I rotate an SSL Certificate as requested by AWS

Amazon AWS sent an email today that users using the Elastic Load Balancing (ELB) service with SSL certificates should "Rotate" them as a precaution (Heartbleed bug). How exactly do I rotate an SSL certificate? AWS Original Message: "The OpenSSL project…
Banzinho
1
vote
1 answer

App Engine, OpenSSL and Heartbleed

Has GAE ever used OpenSSL for its frontend servers? It’s quite interesting in the context of the Heartbleed security hole. It would be nice to get a confirmation from Google that no risks are present.
1
vote
1 answer

Heartbleed flaw fix on Debian Wheezy

Is there any 100% working method to update openssl to the non-vulnerable version on Debian Wheezy? I do not want to upgrade the whole OS, nor would I like to install a non-official package. Is there any solution right now? Thanks
Patrick
1
vote
1 answer

How to upgrade OpenSSL on CentOS 6.5 to protect against heartbleed?

When I go to run: root@vps [~]# yum update -y openssl I get: Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: mirror.beyondhosting.net * extras: centos.mirror.nac.net * updates: centos.netnitco.net Setting up…
UKB
1
vote
2 answers

How can I check if my embedded Linux's SSL is not affected by heartbleed, without relying on the version number?

There are a lot of embedded Linux devices that are built on Linux, that are used exactly for security purposes, like gateways. If I check OpenSSL I get: openssl version -a gets -» OpenSSL 1.0.0k 5 Feb 2013 But this may be patched or merged and I…
Eduard Florinescu
1
vote
2 answers

Is JBoss AS 6 vulnerable to Heartbleed?

We have a series of cloud servers running JBoss AS 6.1.0 community edition. We restrict access to these systems using SSL. We generate an SSL certificate for each server and then manually distribute it to personnel that require access. The server is…
Len
0
votes
2 answers

Does Ubuntu 12.04LTS have the OpenSSL heartbleed fix?

Only OpenSSL 1.0.1f or later has the fix for the heartbleed exploit. So does Ubuntu 12.04LTS have the fix? We need to use 12.04LTS for reasons I won't go into, and we can't upgrade. According to this page, it uses OpenSSL "1.0.1" (with no letter at…
Nick Bolton
0
votes
0 answers

Updating openssl to fix heartbleed bug tries to remove redis-server

I am trying to fix the openssl heartbleed bug on my server. I read that I can update the openssl version with the following command: sudo apt-get install openssl libssl1.0.0 But when I try to run this command I get an error like this: libssl-dev :…
maths
0
votes
0 answers

Should I completely rebuild my server due to Heartbleed?

I have a CentOS 6.5 VPS server... $ uname -a Linux mary 3.14.4-x86_64-linode40 #1 SMP Tue May 13 12:25:05 EDT 2014 \ x86_64 x86_64 x86_64 GNU/Linux When the news about the Heartbleed vulnerability came out, I shut it down. It was running…
Agvorth
0
votes
1 answer

apache taking old openssl libraries when doing apachectl graceful

Due to the heartbleed vulnerability I have recompiled apache with the latest non-vulnerable openssl (I had to keep the old vulnerable openssl due to some dependency problem). It is running fine and when doing a heartbleed test for mydomain.com it says 'seems fixed…
Harikrishnan
0
votes
2 answers

Verify OpenVPN is no longer vulnerable to Heartbleed

As you may know, OpenVPN is vulnerable to the heartbleed attack. However, I can't find any guide online on how to fix it. The only source I've found is this: http://community.openvpn.net/openvpn/wiki/heartbleed Is just doing (in Ubuntu) apt-get…
Jonny
0
votes
2 answers

I have OpenSSL 1.0.1g but my site is still vulnerable?

I've updated my Ubuntu server to use OpenSSL 1.0.1g and when I run sudo openssl version -a I get OpenSSL 1.0.1g 7 Apr 2014 built on: Sat Apr 19 14:15:45 UTC 2014 platform: linux-elf However, sites like https://filippo.io/Heartbleed/ are still…