james
Guru
- Joined: Oct 18, 2007
- Messages: 374
- Reaction score: 38
lsof -n | grep ssl | grep DEL
yum -y update openssl
service fail2ban restart
service sendmail restart
amportal kill
service mysqld stop
service httpd restart
service mysqld start
amportal start
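An added example, not from the post above, that scripts the `lsof -n | grep ssl | grep DEL` check: after `yum update openssl` replaces the library files on disk, daemons started before the update keep the deleted copy mapped and still run the old code until restarted, which is why the service restarts follow. It runs against a constructed lsof-style sample (paths, PIDs and column layout are assumptions); on a real host pipe `lsof -n` into `stale_ssl_procs` instead.

```shell
#!/bin/sh
# Added example, not from the original post. Finds processes that still map
# a deleted (pre-update) OpenSSL library: lsof reports such mappings with
# "DEL" in the FD column. Constructed sample so this runs offline; the
# paths, PIDs and column layout are assumptions, not captured output.

SAMPLE_LSOF='COMMAND   PID USER  FD  TYPE DEVICE    NODE NAME
httpd    1234 root  DEL REG  253,0  1234567 /usr/lib/libssl.so.1.0.1e
httpd    1234 root  DEL REG  253,0  1234568 /usr/lib/libcrypto.so.1.0.1e
sendmail 2222 root  DEL REG  253,0  1234568 /usr/lib/libcrypto.so.1.0.1e
mysqld   3333 mysql DEL REG  253,0  1234568 /usr/lib/libcrypto.so.1.0.1e
sshd      999 root  mem REG  253,0  7654321 /usr/lib/libssl.so.1.0.1e
bash     4444 root  DEL REG  253,0  9999999 /usr/lib/locale/locale-archive'

# stale_ssl_procs: read lsof output on stdin and print "COMMAND PID" once per
# process that still maps a deleted libssl/libcrypto (FD column == DEL).
# Live ("mem") mappings and deleted files that are not OpenSSL are ignored,
# so this is narrower than the two greps in the post.
stale_ssl_procs() {
    awk '$4 == "DEL" && $NF ~ /lib(ssl|crypto)\.so/ { print $1, $2 }' | sort -u
}

# ssl_is_clean: exit 0 when the lsof output on stdin shows no stale OpenSSL
# mapping, 1 otherwise. Intended as the re-check after the service restarts.
ssl_is_clean() {
    [ -z "$(stale_ssl_procs)" ]
}

# Stand-alone run against the sample. On a real host: lsof -n | stale_ssl_procs
printf '%s\n' "$SAMPLE_LSOF" | stale_ssl_procs
```

Every process the function lists is one to restart (or, for amportal-managed daemons, stop and start via amportal as in the post); an empty list after the restarts means the new library is actually in use.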
$ yum update openssl
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* sl6x: 198.23.161.166
* sl6x-security: 198.23.161.166
Setting up Update Process
No Packages marked for Update
$ rpm -q openssl
openssl-1.0.1e-16.el6_5.4.i686
$ yum -y update openssl
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* sl6x: 198.23.161.166
* sl6x-security: 198.23.161.166
Setting up Update Process
No Packages marked for Update
$ yumdownloader openssl
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
* sl6x: 198.23.161.166
* sl6x-security: 198.23.161.166
openssl-1.0.1e-16.el6_5.4.i686.rpm | 1.5 MB 00:00
http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it
At the time of writing, CentOS did not yet have a fixed version, but Karanbir Singh's posting to CentOS-announce says that they've produced an updated version of openssl (openssl-1.0.1e-16.el6_5.4.0.1, note the last four digits which are important) that has the exploitable TLS command disabled, and that can be safely applied as it will be overwritten by a fixed version when it is eventually released.
https://access.redhat.com/security/cve/CVE-2014-0160
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.4 and earlier. This issue does affect Red Hat Enterprise Linux 6.5, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1, which provided openssl 1.0.1e.
Correction: The "CentOS/Scientific Linux/RH Way" is to backport the fix to 1.0.1e. Version openssl-1.0.1e-16.el6_5.4 is now available, and it is an interim fix reportedly.
To what extent might having standard mail ports open (25, 465, 993 etc) allow the PBX to be compromised?
To the full extent... like any exposed service, it is a potential full-extent vulnerability.
--------------------
YUM - security
--------------------
================================================================================
Package Arch Version Repository Size
================================================================================
Updating:
openssl i686 1.0.1e-16.el6_5.7 sl6x-security 1.5 M
openssl-devel i686 1.0.1e-16.el6_5.7 sl6x-security 1.2 M
openssl-perl i686 1.0.1e-16.el6_5.7 sl6x-security 48 k
openssl-static i686 1.0.1e-16.el6_5.7 sl6x-security 1.0 M
Transaction Summary
================================================================================
Upgrade 4 Package(s)
Total download size: 3.7 M
Updated:
openssl.i686 0:1.0.1e-16.el6_5.7 openssl-devel.i686 0:1.0.1e-16.el6_5.7
openssl-perl.i686 0:1.0.1e-16.el6_5.7 openssl-static.i686 0:1.0.1e-16.el6_5.7
$ rpm -q openssl
openssl-1.0.1e-16.el6_5.7.i686
$ yum -y update openssl
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* sl6x: 198.23.161.166
* sl6x-security: 198.23.161.166
Setting up Update Process
No Packages marked for Update
For those on the Raspberry Pi or Beaglebone Black platform, issue the following commands.
Do NOT overwrite the MOTD file when prompted whether to do so! Correct answer: N
Code:
apt-get update
apt-get upgrade
reboot