Security Advisory: OpenSSL vulnerability (CVE-2014-0160)
As of 4-10-2014 there is a new vulnerability in OpenSSL, called the “Heartbleed Bug” (CVE-2014-0160), which affects any server that uses OpenSSL for SSL connections.
The Heartbleed bug allows an attacker to send an SSL/TLS heartbeat request to the server, which sends back a 64KB chunk of memory to the attacker. This memory can contain sensitive information, such as HTTP sessions and GET/POST requests, or even the server’s private key, which is why it is very important to patch this vulnerability.
For cPanel/WHM server owners:
- Log into WHM at http://your-main-domain.com/whm (change your-main-domain.com to an active domain on your server)
- Find the “Update Server Software” link, click it, and then click update.
- Now find the “Update System Software” link, click it, and then click update.
It’s also recommended to update to the latest version of WHM using the “Upgrade to Latest Version” link in WHM.
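
A post-update check, added here as an example (it is not part of the original advisory or of cPanel's tooling): it confirms that the installed package's changelog records the CVE-2014-0160 fix and lists processes that still map the pre-update library and therefore need a restart. It assumes an RPM-based OS with a package named `openssl`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-update verification for CVE-2014-0160.
# Assumptions: RPM-based host, package named "openssl".

# Read an RPM changelog on stdin; succeed if it records the CVE-2014-0160 fix.
# Distribution packages backport fixes, so the version string alone can
# still look like an unpatched release.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Print PIDs whose memory maps still reference a deleted libssl/libcrypto,
# i.e. processes started before the update that keep the old library loaded.
# $1 = proc root (defaults to /proc; a parameter so it can be tested).
stale_ssl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# Live check: non-zero exit if the fix is missing or a restart is pending.
check_host() {
    status=0
    if rpm -q --changelog openssl | changelog_has_fix; then
        echo "openssl changelog lists the CVE-2014-0160 fix"
    else
        echo "openssl changelog does NOT list the CVE-2014-0160 fix; update again"
        status=1
    fi
    pids=$(stale_ssl_pids /proc)
    if [ -n "$pids" ]; then
        echo "restart these PIDs, they still map the old library:" $pids
        status=1
    fi
    return $status
}

# Run the live check only when asked: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_host; fi
```

Run it as root so every process's `maps` file is readable; an unreadable file is skipped rather than reported.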