Solved

heartbeat openssl fix fedora 16

Posted on 2014-04-09
5
750 Views
Last Modified: 2014-04-09
I am in the process of patching two redhat servers. They are only used for mail no hosted websites, but we are using SSL for mail.

One of the servers is an older version of redhat (Redhat version 16)

Linux version 3.1.0-7.fc16.x86_64 (mockbuild@x86-07.phx2.fedoraproject.org)
(gcc version 4.6.2 20111027 (Red Hat 4.6.2-1) (GCC) )

If I do a yum update openssl it will return that it is pulling
1.0.0j-1.fc16 not the most current patched version

The current version on the server.
OpenSSL 1.0.0e-fips 6 Sep 2011

From what I have been reading openssl versions under the 1.0.0 branch are not affected.
http://heartbleed.com/


With that said is there any way I can test this on the server. From what I am reading this vulnerability does not affect this server due to the version of openssl but I want to be sure.
0
Comment
Question by:binovpd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 21

Accepted Solution

by:
Mazdajai earned 250 total points
ID: 39989493
The version you are on is not affected -

https://www.openssl.org/news/secadv_20140407.txt

TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
0
 
LVL 18

Assisted Solution

by:TobiasHolm
TobiasHolm earned 250 total points
ID: 39989495
Yes, you can test online here: http://filippo.io/Heartbleed/

And here's a little program for testing: https://gist.github.com/sh1n0b1/10100394#file-ssltest-py

Happy patching ;)

Regards, Tobias
0
 

Author Closing Comment

by:binovpd
ID: 39989557
Thanks guys. What is your opinion regarding fedora 16. Should I update to the latest version and can that be done through a yum update? This was setup by someone else a long time ago.
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39989570
Which 'latest' version?

Update is fine, I recommend leave openssl alone until the bug is fixed, consider you are not unaffected.
0
 

Author Comment

by:binovpd
ID: 39989593
"Which 'latest' version?"

Mazdajai I was noticing current versions of fedora are 19 and 20. All the openssl patch info seems related to those version.  I was a bit concerned we are falling far behind on the version of fedora, but as you said I think I'll just leave it alone for now.
0

Featured Post

Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question