Heartbleed or openSSLvulnerability
Lately we can observe reporting, on social and all media channels, about OpenSSL vulnerability.
What is all about?
It is about vulnerability of servers passwords, session cookies and private servers keys.
Affected versions of the OpenSSL are: OpenSSL 1.0.1 through 1.0.1f (inclusive)
Not affected versiond of the OpenSSL are: OpenSSL 1.0.1g, OpenSSL 1.0.0 branch, OpenSSL 0.9.8 branch
Whether you have vulnerable server can check on this link: http://sslanalyzer.comodoca.com in section “Protocol Features / Problems”, line “Heartbeat”.
We recommend that administrators of web servers:
- install an updated version of OpenSSL
- replace the encrypted keys on servers
- replace passwords
- replace sessions cookies
OpenSSL immediately made an emergency patch which disable attacks and can be found here:
Some operating system with potentially vulnerable OpenSSL version:
- Debian Wheezy (stable), OpenSSL 1.0.1e-2+deb7u4
- Ubuntu 12.04.4 LTS, OpenSSL 1.0.1-4ubuntu5.11
- CentOS 6.5, OpenSSL 1.0.1e-15
- Fedora 18, OpenSSL 1.0.1e-4
- OpenBSD 5.3 (OpenSSL 1.0.1c 10 May 2012) and 5.4 (OpenSSL 1.0.1c 10 May 2012)
- FreeBSD 10.0 - OpenSSL 1.0.1e 11 Feb 2013
- NetBSD 5.0.2 (OpenSSL 1.0.1e)
- OpenSUSE 12.2 (OpenSSL 1.0.1c)
More informations about Heartbleed: http://heartbleed.com