rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_blue
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_blue
icon_red
icon_orange
icon_red
icon_red
icon_red
icon_red
icon_green
icon_red
icon_red
icon_red
icon_red
icon_orange
icon_green
 

FS#6702 — FS#10596 — OpenSSL "Heartbleed" security updates

Attached to Project— Distributions/OS
Maintenance
Linux
CLOSED
100%
Regarding the recent OpenSSL security issue (see http://heartbleed.org/ for more details), our
distribution images are being updated in order to provide clean installations without
known security bugs.

The following images have been updated:
- Debian 7 (also implicates the following distributions: ISPconfig 3, Minecraft, OwnCloud5, OwnCloud 6)
- CentOS 6 (also implicates the following distributions: DirectAdmin, OVH Release 3, Plesk 10, 11, 11.5)
- Ubuntu 12.04 (also implicates the following distributions: Plesk 11 and 11.5)
- Ubuntu 13.10
- Proxmox VE 3.2

Other distributions are either not vulnerable or updated live before delivery.

If you are using any of the vulnerable distributions, the following steps are necessary to fix the vulnerability and its side effects:

- update your system (for Debian/Ubuntu:
apt-get update && apt-get upgrade
for Fedora/CentOS/RHEL: /usr/bin/yum update )

If you were providing SSL secured services before the update (https, imaps, smtps, jabber, etc):
- restart all affected services, for example:
/etc/init.d/dovecot restart
- re-generate a new SSL key:
- If using a self-signed certificate: replace old key and certificate by new one
- If using a CA-issued certificate: create key and CSR, submit new CSR to your
CA to obtain new certificate, replace old ones accordingly, and revoke your formerly
used certificates at your issuing CA

For more details and suggestions about best-practice handling of the issue, please check http://heartbleed.com/
as well as the security section on the homepage of your selected distribution.
Date:  Friday, 02 May 2014, 14:34PM
Reason for closing:  Done
Comment by OVH - Tuesday, 15 April 2014, 10:47AM

All vulnerable distribution images were updated last week, with the notable exception of ESXi 5.5, for which an update is to be released by April 19th (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225)