Heartbleed bug

Status
Not open for further replies.

DirectAdmin Support

Administrator
Staff member
Hello,

As all of you are likely already aware, an OpenSSL bug called "Heartbleed" has been found which can compromise the security of your SSL certificates and the data they pass.
From my understanding, this would likely only apply to systems with CentOS 6.5 or Debian 7 (OpenSSL 1.0.1 through 1.0.1f).

To test if you are affected, go to this site and enter your domain name:
http://filippo.io/Heartbleed

The update process is quite simple:
CentOS 6:
Code:
yum update openssl
and restart all of your web services, and you're done with the updating part for CentOS 6.

Debian 7:
Code:
apt-get update
apt-get upgrade libssl1.0.0
and also update your Debian 7 DA binaries.


The bug report mentions that private keys could be known, so re-keying your certificates would be recommended for any affected OS.
We don't recommend manually recompiling OpenSSL as it could break your system. Using the pre-installed package manager for your system will give you the safer result.

For more information, or questions, please visit this thread:
http://forum.directadmin.com/showthread.php?t=48721

Note that www.directadmin.com was affected, and was patched very quickly after the bug was released.
As this is a new server, this also greatly reduces the amount of time exposed to the bug.
We have no reason to believe any harm was done or any data lost.

As a precaution, we welcome you to change your client password, if you wish:
https://www.directadmin.com/clients

John
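
The update steps above end with restarting services. As an added example (not part of the original post and not DirectAdmin's own tooling), this shell function lists processes that still map the old, deleted libssl/libcrypto and so are still running the pre-update library. The optional proc-root argument and the PROC_ROOT variable are assumptions, added so the function can be tried against a constructed directory tree.

```shell
#!/bin/sh
# Added example: find services that were not restarted after the OpenSSL
# package update. When the package manager replaces the library file, a
# process that loaded the old copy shows it in /proc/PID/maps as "(deleted)".

# stale_ssl_pids [proc_root]
# Prints "PID NAME" for every process whose maps file lists a libssl or
# libcrypto mapping marked "(deleted)". proc_root defaults to /proc; the
# argument is an assumption of this example, used for offline testing.
stale_ssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes we cannot read or that exited while scanning.
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid_dir="${maps%/maps}"
            pid="${pid_dir##*/}"
            # Process name from the status file ("Name:<tab>httpd").
            name="$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null || true)"
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}

# Scan the live system (or the tree named by PROC_ROOT, an assumed variable).
# No output means no running process still holds the replaced library.
stale_ssl_pids "${PROC_ROOT:-/proc}"
```

Run it as root so other users' maps files are readable. Statically linked binaries do not appear in this check, since they carry their own copy of the library.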
 