You might have noticed that an OpenSSL advisory has been announced. You can find much more comprehensive information at http://heartbleed.com/.
First of all – try not to worry – this most probably does not affect you! But please read on…
I am a shared web hosting customer – what do I need to do?
Nothing! Easyspace shared hosting servers have been patched – and your sites and details are safe. It's all part of the service!
I have a managed server – What should I do?
Managed servers with Easyspace (where the customer opted-in to automatic operating system updates) will be patched and updated by our technicians.
I have an un-managed server – What should I do?
Most (if not all) vendors have released patches that are now ready to be installed. These are patched versions of 1.0.1e.
If you update your OpenSSL today or in the future, you’ll have a patched version installed.
After installing the updated OpenSSL package you should restart any system services which depend on SSL encryption, such as HTTP servers, mail servers etc.
For Debian/Ubuntu users:
sudo apt-get update && sudo apt-get -y install openssl libssl1.0.0
For CentOS/RHEL users:
yum -y update openssl
Once the update has completed it is advised to reboot your server to ensure all services are updated and inherit the new OpenSSL version.
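If an immediate reboot is not possible, you can check which services still need a restart. The script below is an added example, not part of Easyspace's own instructions: on Linux, a process that loaded libssl or libcrypto before the update shows that library as "(deleted)" in /proc/<pid>/maps until it is restarted. The function names are hypothetical, and the check assumes dynamically linked services.

```shell
#!/bin/sh
# Added example: list processes still running a pre-update copy of OpenSSL.
# After a package upgrade the old library file is unlinked, so any process
# that mapped it earlier keeps the old code in memory and its mapping is
# marked "(deleted)" in /proc/<pid>/maps.

# maps_has_stale_ssl FILE
# Succeeds if FILE (a /proc/<pid>/maps listing) contains a deleted
# libssl or libcrypto mapping. The pattern also accepts the ";<hex>"
# suffix that rpm appends to replaced files.
maps_has_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' "$1" 2>/dev/null
}

# stale_ssl_pids [PROC_ROOT]
# Prints "pid name" for every affected process. PROC_ROOT defaults to
# /proc; the parameter is an assumption of this example so the function
# can be pointed at a constructed directory tree.
stale_ssl_pids() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        # Skip processes whose maps we cannot read (not root, or exited).
        [ -r "$dir/maps" ] || continue
        if maps_has_stale_ssl "$dir/maps"; then
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
}

# Usage: run as root so every process is visible, then restart each
# service that is listed:
#   stale_ssl_pids
```

An empty result means no running process still maps the old library.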
What version of OpenSSL is vulnerable?
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable.
The following distributions that we offer and support are reported to be vulnerable:
- Debian 7.x “Wheezy” (stable)
- Ubuntu 12.04.4 “Precise” (LTS)
- CentOS 6.5
Vendor-supplied OpenSSL packages in any older distributions are based on OpenSSL 0.9.8 or 1.0.0, and are not vulnerable.
We have prepared further instructions and information in this PDF.
What can this vulnerability actually do?
The bug allows malicious clients to view 65Kb chunks of decrypted system memory. This can be done many times to build a picture of the contents of your system memory (RAM). This *could* be used to disclose information such as the SSL private key, the private counterpart to your public SSL certificate.
Need more help?
As usual, if you have any further questions, please get in touch with us via the usual support channels.