Solved

heartbeat openssl fix fedora 16

Posted on 2014-04-09
5
732 Views
Last Modified: 2014-04-09
I am in the process of patching two redhat servers. They are only used for mail no hosted websites, but we are using SSL for mail.

One of the servers is an older version of redhat (Redhat version 16)

Linux version 3.1.0-7.fc16.x86_64 (mockbuild@x86-07.phx2.fedoraproject.org)
(gcc version 4.6.2 20111027 (Red Hat 4.6.2-1) (GCC) )

If I do a yum update openssl it will return that it is pulling
1.0.0j-1.fc16 not the most current patched version

The current version on the server.
OpenSSL 1.0.0e-fips 6 Sep 2011

From what I have been reading openssl versions under the 1.0.0 branch are not affected.
http://heartbleed.com/


With that said is there any way I can test this on the server. From what I am reading this vulnerability does not affect this server due to the version of openssl but I want to be sure.
0
Comment
Question by:binovpd
  • 2
  • 2
5 Comments
 
LVL 21

Accepted Solution

by:
Mazdajai earned 250 total points
ID: 39989493
The version you are on is not affected -

https://www.openssl.org/news/secadv_20140407.txt

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
0
 
LVL 18

Assisted Solution

by:TobiasHolm
TobiasHolm earned 250 total points
ID: 39989495
Yes, you can test online here: http://filippo.io/Heartbleed/

And here's a little program for testing: https://gist.github.com/sh1n0b1/10100394#file-ssltest-py

Happy patching ;)

Regards, Tobias
0
 

Author Closing Comment

by:binovpd
ID: 39989557
Thanks guys. What is your opinion regarding fedora 16. Should I update to the latest version and can that be done through a yum update? This was setup by someone else a long time ago.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39989570
Which 'latest' version?

Update is fine, I recommend leave openssl alone until the bug is fixed, consider you are not unaffected.
0
 

Author Comment

by:binovpd
ID: 39989593
"Which 'latest' version?"

Mazdajai I was noticing current versions of fedora are 19 and 20. All the openssl patch info seems related to those version.  I was a bit concerned we are falling far behind on the version of fedora, but as you said I think I'll just leave it alone for now.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
I've been an avid user and supporter of Malwarebytes Premium Version 2.x for years. It's an excellent product that runs alongside just about any Anti-Virus application without issues. It seems to have an uncanny ability to pick up many things that A…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now