Red Hat and the openssl_1.0.1 heartbleed bug
This document (7014998) is provided subject to the disclaimer at the end of this document.
Red Hat 6
The openssl versions openssl-1.0.1e-15 through openssl-1.0.1e-16.el6_5.4 had a significant bug called "Heartbleed" (CVE-2014-0160). The bug allows anyone who can reach the server over the internet to read parts of its memory. Each read is limited to 64 KB, but it can be repeated multiple times to gather confidential information, even over a secure network, since the bug is local to the server. Security keys, passwords, usernames, emails, and other confidential information could be leaked. A hacker cannot request specific information, but gets whatever is passing through RAM at that moment.
The openssl-1.0.1e-16.el6_5.7 patch was released and needs to be applied. Patch using the normal Red Hat methods through the Subscription Management Tool (TID 7004324) or SUSE Manager (documentation).
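As an added example (not part of the original TID), this POSIX shell script classifies an openssl version-release string against the range stated above, using a simplified RPM-style segment comparison instead of plain string sorting. The function names and the labels `below-range`, `needs-update` and `patched` are this example's own, and treating builds between the last listed affected release and the fixed release as needing the update is an assumption.

```shell
# Added example. Epoch is ignored; rpm's tilde and caret ordering is not handled.
FIRST_AFFECTED='1.0.1e-15'   # start of the affected range (from the article)
FIXED='1.0.1e-16.el6_5.7'    # patched build (from the article)

# Split a version or release into runs of digits and runs of letters.
tokens() {
  set -- $(printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]/ /g' \
    -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g')
  echo "$*"
}

# RPM-style segment comparison; prints -1, 0 or 1.
seg_cmp() {
  a=$(tokens "$1"); b=$(tokens "$2")
  while [ -n "$a" ] && [ -n "$b" ]; do
    x=${a%% *}; y=${b%% *}
    a=${a#"$x"}; a=${a# }; b=${b#"$y"}; b=${b# }
    case $x in [0-9]*) xn=1 ;; *) xn=0 ;; esac
    case $y in [0-9]*) yn=1 ;; *) yn=0 ;; esac
    if [ "$xn" != "$yn" ]; then          # a numeric segment beats a letter segment
      if [ "$xn" = 1 ]; then echo 1; else echo -1; fi; return
    elif [ "$xn" = 1 ]; then             # numbers compare by value, so 14 > 7
      if [ "$x" -gt "$y" ]; then echo 1; return; fi
      if [ "$x" -lt "$y" ]; then echo -1; return; fi
    elif [ "$x" != "$y" ]; then          # letters compare bytewise
      if LC_ALL=C expr "x$x" \< "x$y" >/dev/null; then echo -1; else echo 1; fi; return
    fi
  done
  if [ -n "$a" ]; then echo 1; elif [ -n "$b" ]; then echo -1; else echo 0; fi
}

# Compare VERSION first, then RELEASE, as rpm does.
evr_cmp() {
  c=$(seg_cmp "${1%-*}" "${2%-*}")
  if [ "$c" -eq 0 ]; then c=$(seg_cmp "${1##*-}" "${2##*-}"); fi
  echo "$c"
}

classify() {
  if [ "$(evr_cmp "$1" "$FIRST_AFFECTED")" -lt 0 ]; then echo below-range
  elif [ "$(evr_cmp "$1" "$FIXED")" -lt 0 ]; then echo needs-update
  else echo patched; fi
}

# On an RPM host, report every installed openssl build.
if command -v rpm >/dev/null 2>&1 &&
   out=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' openssl 2>/dev/null); then
  for vr in $out; do echo "openssl-$vr $(classify "$vr")"; done
fi
```

Updating the package does not restart services that already loaded the old library, so restart them after patching.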
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7014998
- Creation Date: 02-MAY-14
- Modified Date: 02-MAY-14