Heartbleed Bug In OpenSSL compromised Internet security for nearly everyone?
It is fairly rare that a security flaw affects the majority of the Internet, yet that is what we're faced with in the case of the Heartbleed OpenSSL Bug.
Read more about it here: http://heartbleed.com/
The problem is so serious that I rushed to fix our servers minutes after learning about the problem.
You can verify if your servers are vulnerable with the following online service:
Thankfully, the fix is easy since most OS distributions already have an official patch for this problem.
I had to deal with a few details when upgrading my systems.
How do you fix this problem on Ubuntu 13.04?
Well, since 13.04 is no longer officially supported, it is not possible to do through apt-get automatically.
However, you can still download the deb package files for Ubuntu 13.10 (saucy) and install them manually. They seemed to work fine for me with Nginx.
For Nginx, I had to download and install the libssl package as well. I also had to re-compile nginx since I use a customized version.
After installing the newer version of libssl and openssl, make sure you use the "restart", not "reload" command for your web server. I found it to be a mandatory step to run "service httpd restart" and "service nginx restart" on multiple servers.
Hope this helps someone!
Bookmark & Share
Most Popular Articles
- Mass virtual hosting security tip when using a reverse proxy to connect to other servers
- Solution for MariaDB Field 'xxx' doesn't have a default value
- How to lock Windows immediately upon smart card removal
- Stop using sleep mode with Windows Bitlocker for better security. Learn how to use hibernate in Windows 8.
- Is Google Public DNS actually better then your ISP?
- Planning a system to visually create responsive data-driven web page layouts & widgets in the Jetendo CMS browser interface
- Pros and Cons of CFML vs PHP and other languages
- Run Windows Guest in CentOS 6 Linux Host using Virtualbox 4 via the command line