How to fix "OpenSSL Heartbleed Vulnerability" in CentOS

OpenSSL official announcement, the version of the problem is:
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.



The following describes these points separately and provides solutions below:

CentOS. The default OpenSSL installation is not included in the scope of security vulnerabilities officially announced by OpenSSL. OpenSSL-1.0.0-20. el6_2.5.x86_64 is installed by default.
However, if you manually upgrade to version 1.0.1, you may upgrade to a problematic version.
At present, the software source of the cloud platform has been synchronized with the repair version. You can execute yum update openssl to update to the latest version.

View related information on the system
# Rpm-q -- changelog openssl-1.0.1e | grep CVE-2014-0160
-Fix CVE-2014-0160-information disclosure in TLS
This indicates that the vulnerability has been fixed.

2) Ubuntu 12.4
Ubuntu is similar to centos. The installed version is secure by default. If you accidentally upgrade it to a vulnerable version, you need to upgrade it again.
The default version is libssl1.0.0.
User executable
Apt-get update
Apt-get install libssl1.0.0 or apt-get upgrade (this will upgrade all installed packages and proceed with caution)

Verify the version installed on the local machine
Root @ VM-40-221-ubuntu:/etc/apt # dpkg-l | grep libssl
Ii libssl1.0.01.0.1-4ubuntu5. 12 SSL shared libraries
Root @ VM-40-199-ubuntu :~ # Dpkg-s libssl1.0.0 | grep ^ Version
Version: 1.0.1-4ubuntu5. 12
Refer to ubuntu official instructions on this vulnerability
Http://www.ubuntu.com/usn/usn-2165-1/

3) SuSE
OpenSSL 0.9.8a does not have any security issues.
4) Self-compiled versions
In this case, you need to recompile according to OpenSSL official suggestions.
Affected users shoshould upgrade to OpenSSL 1.0.1g. Users unable to immediately
Upgrade can alternatively recompile OpenSSL with-DOPENSSL_NO_HEARTBEATS.

Solution
By default, virtual machines provided by the cloud platform to developers are secure. If you accidentally install the OpenSSL version with vulnerabilities, You need to upgrade it yourself. The download source of the cloud platform has provided the latest version of the installation package.
The OS upgrade methods are as follows:
1) SuSE OpenSSL on this machine does not need to be upgraded
2) CentOS native version, 6.2/6.3; it is secure by default. If a vulnerable version is installed, You need to upgrade it to the latest version.
Yum install openssl
Confirmation method:
# Rpm-q -- changelog openssl-1.0.1e | grep CVE-2014-0160
-Fix CVE-2014-0160-information disclosure in TLS
3) Ubuntu12.4 is secure by default. If a vulnerable version is installed, upgrade it to the latest version.
Apt-get update
Apt-get install libssl1.0.0
Confirmation method:
Root @ VM-40-199-ubuntu :~ # Dpkg-s libssl1.0.0 | grep ^ Version
Version: 1.0.1-4ubuntu5. 12
4) if you compile OpenSSL manually, refer to the OpenSSL official announcement to recompile it.
Affected users shoshould upgrade to OpenSSL 1.0.1g. Users unable to immediately
Upgrade can alternatively recompile OpenSSL with-DOPENSSL_NO_HEARTBEATS.

Solution 2:

Yum search openssl

# Updating: openssl x86_64 1.0.1e-16 is returned. el6_5.7 updateles 1.5 MUpdating for dependencies: openssl-devel x86_64 1.0.1e-16. el6_5.7 updates 1.2 M looks like the version is still relatively new. Then, run yum install openssl # and restart nginx/etc/init. d/nginx restart # test vulnerability has been fixed originally wanted to install the source code compilation, because the above process has been fixed, there is no compilation, if the yum method does not work, try the following installation: wget http://www.openssl.org/source/openssl-1.0.1g.tar.gzcd. /configmake & make install/etc/init. d/nginx restart # restart nginx