• Contact
  • Contact Us
  • Disclamer
  • Home 1
  • Home 2
  • Home 3
  • Privacy Policy
Wednesday, June 4, 2025
How VPS - How to use/setup VPS
  • Login
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon
No Result
View All Result
How VPS - How to use/setup VPS
No Result
View All Result
Home Securing VPS/Servers

Patching OpenSSL for the Heartbleed Vulnerability

How VPS by How VPS
November 2, 2018
in Securing VPS/Servers, Security Patches
0
Patching OpenSSL for the Heartbleed Vulnerability
0
SHARES
34
VIEWS
Share on FacebookShare on Twitter

Contents

  1. Installing the Patched Version
    1. Ubuntu and Debian
    2. CentOS
    3. Fedora
  2. Reissue Certificates
  3. Additional Security Steps
  4. More Information
    1. Join our Community

Patching OpenSSL for the Heartbleed Vulnerability

A security vulnerability in OpenSSL dubbed Heartbleed has been found. This vulnerability was only recently discovered openly, but has been “in the wild” for over a year. It’s important to update your local version of OpenSSL to correct this issue. This brief guide will walk you through ensuring that the patch is installed on your Linode, and suggest additional steps you can take to ensure your server’s security. As always, we suggest having backups of your system prior to making any changes.

This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, you can check our Users and Groups guide.

Installing the Patched Version

Here are the steps for ensuring you have the patched versions of OpenSSL on our most popular distros. If you’ve compiled from source, you’ll want to compile and reinstall using version 1.0.1g. Alternately you can recompile previous versions with the OPENSSL_NO_HEARTBEATS flag enabled to close the vulnerability.

Ubuntu and Debian

  1. Check to see what your current OpenSSL version is:

    $ openssl version -a
    OpenSSL 1.0.1e 11 Feb 2013
    built on: Sat Feb  1 22:14:33 UTC 2014
    platform: debian-amd64
    options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/usr/lib/ssl"
    

    Pay attention to the built on: line. Versions built before April 7th are vulnerable.

  2. For Debian and Ubuntu systems, run these commands to update and upgrade your packages:

    sudo apt-get update
    sudo apt-get upgrade
    
  3. During the upgrade, you may be given a prompt like the one below. This window warns you about the security issue, and lists services that utilize OpenSSL and need to be restarted to apply the patch. You can add any additional services, by matching the init.d script name in this field.

    Patching OpenSSL for the Heartbleed Vulnerability

If you do not receive this prompt, be sure to manually restart any services that use OpenSSL.

  1. After updating, run openssl version -a again to confirm the newer build:

    openssl version -a
    OpenSSL 1.0.1 14 Mar 2012
    built on: Mon Apr  7 20:33:29 UTC 2014
    
    ...
    

CentOS

  1. Check to see what your current OpenSSL version is:

    openssl version -a
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Wed Jan  8 18:40:59 UTC 2014
    platform: linux-x86_64
    options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines:  dynamic
    

    Pay attention to the built on: line. Versions built before April 7th are vulnerable.

  2. To update OpenSSL from the repositories, run:

    yum -y install openssl
    

    After updating, run openssl version -a again to confirm the newer build:

    openssl version -a
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Tue Apr  8 02:39:29 UTC 2014
    
    ...
    
  3. Be sure to manually restart any services that use OpenSSL.

Fedora

  1. Check to see what your current OpenSSL version is:

    openssl version -a
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Fri Dec 20 13:57:26 UTC 2013
    platform: linux-x86_64
    options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
    compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches  -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/etc/pki/tls"
    engines:  dynamic
    

    Pay attention to the built on: line. Versions built before April 7th are vulnerable.

  2. On Fedora systems, the patched version is currently being propagated through mirrors. You can update from the repositories with the following command:

    sudo yum -y install openssl
    
  3. After updating, run openssl version -a again to confirm the newer build:

    openssl version -a
    OpenSSL 1.0.1e-fips 11 Feb 2013
    built on: Tue Apr  8 00:32:22 UTC 2014
    
    ...
    
  4. Be sure to manually restart any services that use OpenSSL.

Reissue Certificates

The Heartbleed security bug would allow an attacker to read a portion of the memory on an unprotected system, including private keys used in SSL key pairs. It’s suggested that you reissue all key pairs, and revoke ones made previously. This can include keys used to create SSL certificates for web and mail servers. This means new SSL certificates should be generated or purchased.

You can follow the instructions here to create a new certificate signing request (CSR) and key.

Additional Security Steps

While this security flaw has only recently been discovered openly, it has existed on many servers for well over a year. This means that any third party services you use that employ SSL encryption have been vulnerable. It’s suggested that you ensure that said services patch their systems, then reset your passwords.

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

  • Heartbleed.com

Join our Community

Find answers, ask questions, and help others.

This guide is published under a CC BY-ND 4.0 license.

Previous Post

PacVim – A Game That Teaches You Vim Commands

Next Post

Understanding Different Classifications of Shell Commands and Their Usage in Linux

Next Post

Understanding Different Classifications of Shell Commands and Their Usage in Linux

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

No Result
View All Result

Recent Post

Install Imagemagick on CentOS
CentOS

Install Imagemagick on CentOS

by How VPS
June 28, 2023
0

This is how I installed Imagemagick on a vanilla CentOS server Start off by installing the prerequisites yum install php-pear...

Read more
how to Check phpinfo

How to Check phpinfo of Hosting or VPS?

June 28, 2023
Failed to download metadata for repo 'appstream' on Centos 8

How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

February 25, 2022
How to Fix MySQL Error "Plugin 'InnoDB' registration as a STORAGE ENGINE failed"?

How to Fix MySQL Error “Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed”?

November 17, 2020
How to optimize Mysql or MariaDB

How to optimize Mysql or MariaDB

November 3, 2020

Recent News

  • Install Imagemagick on CentOS
  • How to Check phpinfo of Hosting or VPS?
  • How to fix error: Failed to download metadata for repo ‘appstream’ on Centos 8

Category

  • Arch
  • Authentication
  • Backups
  • BSD
  • Centmin Mod
  • CentOS
  • Control Panels
  • CoreOS
  • CWP
  • Debian
  • Directadmin
  • Encryption
  • Fedora
  • Firewalls
  • Hocvps Script
  • Hosting providers
  • Kloxo-MR
  • Linux
  • Mitigations
  • Operating System
  • Plesk
  • Reviews
  • Securing VPS/Servers
  • Security Patches
  • SSL Certificates
  • Uncategorized
  • Upgrading
  • VPS/Servers management guides
  • Vulnerability Detection
  • Web servers software
  • Webhosting Control Panel
  • About
  • Advertise
  • Careers
  • Contact

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

No Result
View All Result
  • Home
  • Management guides
    • Web servers software
      • Directadmin
      • Hocvps Script
      • Centmin Mod
      • CWP
      • Kloxo-MR
      • Plesk
    • Control Panels
    • Securing VPS/Servers
      • SSL Certificates
      • Upgrading
      • Authentication
  • Operating System
    • CentOS
    • Fedora
    • Debian
    • Linux
    • Arch
    • BSD
    • CoreOS
  • Reviews
  • Coupon
    • Domain Coupon
    • Hosting Coupon

© 2025 JNews - Premium WordPress news & magazine theme by Jegtheme.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Thabet