How to Check and Fix OpenSSL Heartbleed bug in cPanel/WHM servers

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.Essentially this means you probably need to regenerate the private keys used to create your SSL certificates, and have them reissued by your certificate authority.This is not a difficult task but does take some time to get OpenSSL updated across all your servers, then go through the process to generate, reissue and install certificates across all locations they are deployed.

The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch nor the 0.9.8 branch of OpenSSL some sources report 1.0.2-beta is also affected by this bug at the time of writing, however it is a beta product and I would really recommend not to use beta quality releases for something as fundamentally important as OpenSSL in production.

Status of different versions:

Vulnerable OpenSSL versions:
  • OpenSSL 1.0.1 vulnerable
  • OpenSSL 1.0.1a vulnerable
  • OpenSSL 1.0.1b vulnerable
  • OpenSSL 1.0.1c vulnerable
  • OpenSSL 1.0.1d vulnerable
  • OpenSSL 1.0.1e vulnerable
  • OpenSSL 1.0.1f vulnerable

through 1.0.1f (inclusive) are vulnerable.

NOT Vulnerable versions:
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

CentOS / Redhat release has already published the new patched version of OpenSSL1.0.1. Please check https://rhn.redhat.com/errata/RHSA-2014-0376.html

How to check Heartbleed Bug:

You can check Heartbleed bug by using the following sites:

http://filippo.io/Heartbleed

https://www.ssllabs.com/ssltest

Make sure every thing is reported okay.

How to FIX OpenSSL Vulnerability

The patched OpenSSL 1.0.1 RPM has already been published to the RHEL 6 and CentOS 6 repositories, so the only steps that should be necessary to update these servers are to run “yum update” to install the updated version of OpenSSL and then either fully restart all SSL-enabled services, including sshd, or reboot the server. I recommend rebooting the server so that no services are missed, and it also gives you the opportunity to install an updated kernel if one is available.

So if your system is prone to this vulnerability or reported as vulnerable from above sites then you may please proceed with the following steps:

# yum update

Make sure you have the updated OpenSSL packages are installed, then try to rebuild your server softwareâ$™s using:

# /scripts/easyapache

Make sure the newly installed OpenSSL version include patched CVEs (Common Vulnerabilities and Exposures).

# rpm -qa | grep openssl

Output Should look like:

# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.7.x86_64
openssl-devel-1.0.1e-16.el6_5.7.x86_64
# rpm -q --changelog openssl-1.0.1e | grep -B 1 CVE-2014-0160

Output Should look like:

# rpm -q --changelog openssl-1.0.1e | grep -B 1 CVE-2014-0160
* Mon Apr 07 2014 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

Restart all services like cPanel ,SSHD ,HTTPD ,Dovecot ,Pure-Ftpd ,MySQL and any other services that are using SSL libraries.I recommend rebooting the server so that no services are missed.

If your server is RHEL 5/Centos 5 then OpenSSL does not have the bug and its version would be something like openssl-0.9.8e. So CentOS/RHEL 5 users are safe from this vulnerability.

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!

Archive Calendar

Sat Sun Mon Tue Wed Thu Fri
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Over 20000 Satisfied Customers!

From 24/7 support that acts as your extended team to incredibly fast website performance

Zelt staff were fantastic, I had a concern with a domain and they got back to me very quickly and they helped me to resolve the issue!

author
Technician, Diageo PLC

I'm using Zelt for my portfolio since 2006. The transition was seamless, the support was immediate, and everything works perfectly.

author
Photographer, Allister Freeman

Very easy to understand & use even though I am not very technologically minded. No complications whatsoever & I wouldn't hesitate to recommend it to all.

author
Actor, A&J Artists

Zelt support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Zelt have been amazingly responsive and helpful to any of my queries 👍👍👍

author
Technician, Diageo PLC

Anytime I've had a problem I can't solve, I've found Zelt to be diligent and persistent. They simply won't let an issue go until the client is happy.

author
Doctor, SmartClinics

Zelt support team have been amazingly responsive and helpful to any of my queries, thank you so much to the Zelt have been amazingly responsive and helpful to any of my queries 👍👍👍

author
Freelancer, Fiverr

24/7 World-Class Support

Ran into trouble? Contact our Customer Success team any time via live chat or email.

  • Receive professional WordPress support
  • Our specialists are available round
Get Support