Security Vulnerability: Linux Server OpenSSL ("Heartbleed")

  • Wednesday, 9th April, 2014
  • 00:55am

On April 07, 2014 a severe vulnerability in OpenSSL was announced. Known formally as TLS heartbeat read overrun (CVE-2014-0160) and dubbed the "Heartbleed Bug", this flaw allows for the theft of information normally protected by SSL/TLS encryption.

Specifically, the Heartbleed Bug allows memory to be read on systems using OpenSSL 1.0.1 before 1.0.1g, which can compromise private/secret keys used to encrypt data and application traffic. At the very least, this would allow attackers to impersonate users and services, and provide a means for data theft.

Beginning April 10, 2014 we will be updating and rebooting servers which are found to still be vulnerable to the Heartbleed Bug. Due to the nature of this vulnerability, and the volume of servers eligible for the update, we cannot accommodate requests for a specific reboot time.

For more information:

« Back

Powered by WHMCompleteSolution