CVE-2014-0160: OpenSSL Heartbleed Vulnerability

SUMMARY

CVE-2014-0160: OpenSSL Heartbleed Vulnerability resolution

CVE ID

CVE-2014-0160

DESCRIPTION

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server.

 

RESOLUTION

If CentOS6, apply Unitrends security updates.
CentOS5: not affected
CentOS6: The default CentOS6.5 openssl-1.0.1e-15.el6 is affected. 
Fixed in openssl-1.0.1e-16.el6_5.7 or later.  Unitrends security updates include openssl-1.0.1e-42.el6.

LINK TO ADVISORIES

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section