[AusNOG] Heartbleed Bug
Tim Groeneveld
tim at timg.ws
Tue Apr 8 14:01:56 EST 2014
----- Original Message -----
> Hi All,
> Now the general public are aware of the Heartbleed bug
> http://heartbleed.com/ for SSL, does anyone have any information about
> what routers/switches/load balancers network components may be linked
> with this affected library? I would think that the server people would
> have this well in hand but perhaps we may be missing some critical info
> of what's buried inside our network kit. I am attempting to get info
> from the usual suspects and some that don't utilize SSL will not be
> affected. That still leaves a fair amount of kit out there.

F5 load balancers are vulnerable.

Just a couple of server notes, if you are running CentOS 6.5,
an (unofficial, read: CentOS only) update was released that breaks
compatibility with some apps.
Correct version:
# rpm -q openssl
openssl-1.0.1e-16.el6_5.7.x86_64
Incorrect version:
# rpm -q openssl
openssl-1.0.1e-16.4.0.1.centos.x86_64
Make sure that if you have CentOS 6.5, and the centos package, that
you do a:
# yum clean all && yum upgrade
Finally, once you do get the updated package, make sure you restart
all apps that depend on OpenSSL.

A quick way to find them all:
# lsof -n | grep -E '(DEL|mem)' | grep ssl
Best way is to stop all the services listed first, and then start them
up again.
CloudFlare said that they knew about this a week before most other people?
http://blog.cloudflare.com/staying-ahead-of-openssl-vulnerabilities
That's just plain rude!
Cheers,
Tim
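
An added example, not part of the message above: a sketch that narrows the post-upgrade check to processes still mapping the old, unlinked libssl/libcrypto by reading `/proc/<pid>/maps`. The function names `stale_ssl_procs` and `make_sample_proc`, and the sample map lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists processes that still map an unlinked libssl/libcrypto,
# i.e. processes started before the package upgrade and not yet restarted.

# stale_ssl_procs [PROC_ROOT] -> prints "PID NAME" for each affected process.
stale_ssl_procs() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A package upgrade unlinks the old library file; the kernel marks any
        # mapping of the unlinked file with a trailing " (deleted)".
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            name="$(sed -n 's/^Name:[[:space:]]*//p' "$dir/status" 2>/dev/null)"
            printf '%s %s\n' "${dir##*/}" "${name:-?}"
        fi
    done
}

# make_sample_proc DIR: builds a constructed fixture, not real process data.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    printf 'Name:\thttpd\n' > "$1/101/status"
    printf 'Name:\tnginx\n' > "$1/202/status"
    # PID 101 started before the upgrade: old library inode, now unlinked.
    printf '%s\n' '7f3a1c000000-7f3a1c05e000 r-xp 00000000 fd:00 393228 /usr/lib64/libssl.so.1.0.1e (deleted)' > "$1/101/maps"
    # PID 202 was restarted after the upgrade: maps the file now on disk.
    printf '%s\n' '7f9b2a000000-7f9b2a05e000 r-xp 00000000 fd:00 401117 /usr/lib64/libssl.so.1.0.1e' > "$1/202/maps"
}

# Demo on the constructed fixture. On a real host, run `stale_ssl_procs /proc`
# as root, since other users' maps files are not readable otherwise.
demo_dir="$(mktemp -d)"
make_sample_proc "$demo_dir"
stale_ssl_procs "$demo_dir"    # prints: 101 httpd
rm -rf "$demo_dir"
```

An empty result after restarting services means no running process still has the pre-upgrade library mapped.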