Fixing the Heartbleed vulnerability on CentOS

While the popular media have jumped on the Heartbleed Bug as if the sky were falling causing mass panic, it is actually quick and easy to fix for us CentOS users.

Red Hat released a patched version of OpenSSL on 8th April and it has already filtered down to the CentOS updates repository, so all you need to do is:

[user@localhost ~]$ sudo yum update openssl
[user@localhost ~]$ sudo service httpd restart

Check you’ve installed openssl-1.0.1e-16.el6 (or a more recent one) and restart any other processes that use OpenSSL under the hood.

Now you’ve fixed that, you should consider replacing your SSL certificate and resetting any of your (or your users) passwords as a precautionary measure — the chances they’ve been compromised are vanishingly small, but they are not zero!


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *