Skip to main content

OpenSSL Heartbleed vulnerability

Posted by thirdlane on Fri, 04/11/2014

As you are aware, OpenSSL had a vulnerability known as Heartbleed that was recently made public and fixed - see http://www.openssl.org/news/vulnerabilities.html.

Thirdlane repository and Thirdlane ISOs currently available for download (updated April 10, 2014) include a version of OpenSSL with this vulnerability fixed, so new installations will not be affected.

As some Thirdlane V7 distributions (starting in October 2013) included affected versions of OpenSSL we strongly recommend customers to check their systems for vulnerability. You can do it here http://filippo.io/Heartbleed/ and then update the system if necessary.

To update OpenSLL on V7 Thirdlane installations use "yum update openssl" followed by a server restart.

We recommend checking and updating affected versions of OpenSSL installed on any other servers including open source PBXs and PBXs from other vendors.