Heartbleed OpenSSL Vulnerability (CVE-2014-0160)

On April 7, 2014 a vulnerability was discovered in OpenSSL that could allow attackers to view sensitive information stored in memory. Given the severity of this vulnerability we are encouraging all customers to take the necessary steps to verify their OpenSSL installations are patched and not vulnerable. Most Linux distributions these days come with a package manager (ex: yum, apt).  If you are running a supported Linux distribution (one that is not End-of-Life) you can simply use the provided package manager to update your OpenSSL installation.  If you have built OpenSSL from source, or built any other applications that use OpenSSL from source (ex: Apache) you will need to first upgrade OpenSSL, and then recompile those applications.  If you are running the cPanel/WHM software on your server and are running RHEL/CentOS 6.5 chances are you are vulnerable!  You should first run a “yum update” and then rebuild Apache using Easy Apache in the WHM under WHM > Software > EasyApache or from the CLI using /scripts/easyapache.

 

If you have any questions, concerns, or need assistance please open a support ticket at https://helpdesk.ndchost.com/