Sunday, April 13, 2014

Fixing the Heartbleed vulnerability on CentOS and Debian

So if you frequent tech news websites or are on a tech mailing list, you have probably heard about the Heartbleed bug in the popular OpenSSL cryptographic software library. So why the name Heartbleed? The FAQ at heartbleed.com gives a good explanation:
Bug is in the OpenSSL's implementation of the TLS/DTLS (transport layer security protocols) heartbeat extension (RFC6520). When it is exploited it leads to the leak of memory contents from the server to the client and from the client to the server.
This bug found its way into OpenSSL through a software patch that was merged into the master repository and hence into the stable releases of the time. More reading on Heartbleed.
Debian 6 (squeeze) and other older versions of Debian are unaffected. Debian 7 (Wheezy) ships the vulnerable version of OpenSSL and therefore needs to be upgraded. First ensure that the Debian security mirror (security.debian.org) is enabled in your sources.list and then run:
apt-get update && apt-get upgrade
For CentOS, the affected release is CentOS 6. Older releases are unaffected. To apply the upgrade, execute the following:
yum clean all && yum update "openssl*"
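On either distribution the package upgrade only replaces the library on disk: a daemon that already had the old libssl mapped (web server, mail server, VPN, etc.) keeps running the vulnerable copy until it is restarted or the box is rebooted. The following check, an added example that is not part of the original post, lists such processes by looking for OpenSSL libraries marked "(deleted)" in /proc/<pid>/maps; run it as root after the update and restart whatever it reports.

```shell
#!/bin/sh
# Added example (not from the original post): find processes that still map a
# replaced (deleted) copy of libssl or libcrypto after the OpenSSL upgrade.

# Return 0 if the given /proc/<pid>/maps content references a deleted
# libssl/libcrypto, i.e. the process is still running the old library.
maps_has_stale_openssl() {
    printf '%s\n' "$1" | grep -E 'lib(ssl|crypto)\.so[^ ]* \(deleted\)' >/dev/null
}

# Scan every process and print "pid command" for each one that needs a restart.
# Requires root to read other users' map files; unreadable entries are skipped.
list_stale_openssl_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        [ -r "$maps" ] || continue
        if maps_has_stale_openssl "$(cat "$maps" 2>/dev/null)"; then
            printf '%s %s\n' "$pid" "$(ps -p "$pid" -o comm= 2>/dev/null)"
        fi
    done
}

list_stale_openssl_processes
```

An empty result means every running process has picked up the new library; anything listed (or a plain reboot) is what still stands between you and a patched server.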
More reading and how to revoke and re-issue your SSL certificates.
