OPENSSL Security bug http://heartbleed.com/

Sehe

http://heartbleed.com/

http://www.heise.de/security/meldu…SL-2165517.html

Vertraulich nur hier ins forum lassen kein kopie draussen bitte.

Abhilfe info's in kurze ein par:!

Zitat

1. Description of the problem
The OpenSSL package is used for setting up encrypted connections such as
SSL and TLS. You may know these connections as SSH connections to your
server or the encrypted HTTPS connections in your browser. Today a
vulnerability was disclosed which allows malicious parties to eavesdrop on
your encrypted connection, making the encryption ineffective. This
unfortunately also means that transmitted passwords can be captured.

As of now all current operating systems have received updated packages so
we urge you to install the updates as soon as possible.

2. Actions to be taken
In order to close the vulnerability and make your connections safe again
the OpenSSL packages must be updated. The actions required depend on the
distribution you use, the most common ones are listed below:

For Ubuntu 12.04/12.10/13.04/13.10 (with or without Plesk) and Debian 7
(with or without Plesk)

$ apt-get update
$ apt-get install openssl libssl

After executing these commands all services which use OpenSSL must be
restarted, such as webservers like Apache and Nginx and mailservers like
Exim and Postfix. To make absolutely sure all packages are restarted we
advise you to restart the entire server. Please note that there is a chance
your server will perform a filesystem check upon rebooting

Centos 6.x DirectAdmin
$ yum install openssl openssl-devel
$ cd /usr/local/directadmin/custombuild/
$ ./build clean
$ ./build update
$ ./build apache
$ ./build php n
$ ./build dovecot
$ ./build exim

Centos 6.x Cpanel:

1. Log in op WHM
2. Update Server Software doorlopen
3. Update System software doorlopen
4. EasyApache > Previously Saved Config > Build profile now

Centos 6.x mit oder ohne Plesk:

$ yum install openssl

After executing this command all services which use OpenSSL must be
restarted, such as webservers like Apache and Nginx and mailservers like
Exim and Postfix. To make absolutely sure all packages are restarted we
advise you to restart the entire server. Please note that there is a chance
your server will perform a filesystem check upon rebooting.

3. For more information
More information on this vulnerability can be found here:
http://heartbleed.com/

Alles anzeigen

http://www.heise.de/security/meldu…SL-2165517.html