Monday, May 12, 2014

Easy way to confirm that Centos is patched against Heartbleed

This post should have been posted earlier, but here it is anyway... If you run a Centos box you'll notice that packages are not updated as regular as other distros like Ubuntu. However since the Heartbleed vulnerability is pretty sick, the developers at Centos issued a patch. A simple yum update openssl should fix it. To confirm:
╭─james@darktech  ~ 
╰─$ for i in `seq 1 4`; do ssh root@tech-qa0$i "rpm -q --changelog openssl | grep CVE-2014-0160"; done                       255 ↵

- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

Post a Comment