Critical: Heartbleed OpenSSL Vulnerability

  • Critical: Heartbleed OpenSSL Vulnerability

    Hello everyone,

    As reported in mainstream media, OpenSSL 1.0.1 contains a critical vulnerability in its handling of Heartbeat Extension packets. For the past 2 years, this has been a very serious security flaw that can be exploited to steal sensitive information over secure connections. This vulnerability is referenced in CVE-2014-0160.

    We would like to reassure customers that all cPanel shared hosting servers are safe from this vulnerability: our senior administrators took immediate action to patch all of our servers which were affected. However, dedicated server and VPS customers must take immediate action to update to OpenSSL 1.0.1g, which resolves the vulnerability known as Heartbleed.

    Please note that:
    • OpenSSL 1.0.1 through to 1.0.1f (inclusive) IS vulnerable
    • OpenSSL 1.0.1g IS NOT vulnerable
    • OpenSSL 1.0.0 IS NOT vulnerable
    • OpenSSL 0.9.8 IS NOT vulnerable

    To check whether your server is vulnerable, on CentOS/Red Hat, run:

    rpm -qa 'openssl*'
    yum info openssl | grep -E "Package|Version|Release"

    On Ubuntu Server:

    dpkg -l | grep openssl

    (On Ubuntu, ensure the version returned matches the ones here.)

    Alternatively, you can check online here: Test your server for Heartbleed (CVE-2014-0160)

    Customers who are unable to do this themselves or who need our assistance are requested to submit a ticket as soon as possible so our technicians can apply the patch for them.

    In the interest of customer security, we would strongly advise customers to change their cPanel/WHM password and account password for the WHUK billing area.

    If you have any questions or concerns regarding this notice, please submit a ticket. One of our senior technicians will be happy to help you.

    Kind regards,

    The WHUK Team
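
The version ranges listed in the notice, turned into a check you can script. This is an added example, not part of the original notice or any WHUK tooling. Distribution packages can carry a backported fix without changing the upstream version string, so the script also looks for the CVE in the package changelog. The function names, result labels and sample changelog are constructed, and it assumes the distribution's changelog names CVE-2014-0160 when the fix is included.

```shell
#!/usr/bin/env bash
# Added example: classify an installed OpenSSL package against the notice's ranges.
#
# Getting the inputs on a live server (not run here):
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl ; rpm -q --changelog openssl
#   dpkg-query -W -f='${Version}\n' openssl ; zcat /usr/share/doc/openssl/changelog.Debian.gz

# Classify by upstream version only, using just the ranges the notice lists.
heartbleed_status() {
    local ver="$1"
    ver="${ver#*:}"     # drop a package epoch such as "1:"
    ver="${ver%%-*}"    # drop the distro release suffix after the first "-"
    case "$ver" in
        1.0.1|1.0.1[a-f])     echo VULNERABLE ;;
        1.0.1g|1.0.0*|0.9.8*) echo NOT_VULNERABLE ;;
        *)                    echo UNKNOWN ;;   # not covered by the notice
    esac
}

# Refine the result with changelog text: a version inside the vulnerable range
# whose changelog names the CVE is reported separately, because the fix may
# have been backported (assumption: the packager lists the CVE id).
assess_package() {
    local status
    status="$(heartbleed_status "$1")"
    if [ "$status" = VULNERABLE ] && printf '%s\n' "$2" | grep -q 'CVE-2014-0160'; then
        echo BACKPORT_FIX_LISTED
    else
        echo "$status"
    fi
}

# Constructed sample input (release strings and changelog text are made up).
SAMPLE_CHANGELOG='* Mon Apr 07 2014 Packager <packager@example.invalid> 1.0.1e-99.example
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'

assess_package "1.0.1e-99.example" "$SAMPLE_CHANGELOG"
assess_package "1.0.1e-98.example" "- unrelated change"
```

A `VULNERABLE` result means the package needs updating; `UNKNOWN` means the version falls outside what the notice covers and should be checked against the distribution's own advisory.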