top button
Flag Notify
Site Registration

Is RHEL is vulnerable to HeartBleed bug?

+1 vote
479 views

I've seen several articles that listed Centos 6.x as vulnerable, but DID NOT LIST RHEL 6.

I'd think that if Centos 6.x is vulnerable, then so would RHEL 6.x, since Centos is made from RHEL sources.

Does anyone know for sure either way?

posted Apr 14, 2014 by Sonu Jindal

Share this question
Facebook Share Button Twitter Share Button LinkedIn Share Button
Yes, RHEL 6 was effected.

1 Answer

0 votes

Check https://access.redhat.com/security/cve/CVE-2014-0160

This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.4 and earlier, Red Hat JBoss Enterprise Application Platform 5 and 6, and Red Hat JBoss Web Server 1 and 2.

This issue does affect Red Hat Enterprise Linux 6.5, Red Hat Enterprise Virtualization Hypervisor 6.5, and Red Hat Storage 2.1, which provided openssl 1.0.1e. Errata have been released to correct this issue.

answer Apr 14, 2014 by Kiran Kumar
Similar Questions
+1 vote

I am building a cherrypy app that is testing as vulnerable to the heartbleed exploit.

The app is running on the 64 bit 3.3.5 Windows distribution of python. An updated version of 64 bit Python 3.3.x for Windows or an updated pyopenssl? I am kind of surprised the distribution on python.org hasen't been updated.

+1 vote

I'm working on doing some upgrade testing to mitigate the Heartbleed issue and some other vulnerabilities. Part of that is updating OpenSSL, but I'm a bit confused about something and am hoping that someone can help me. I've done at least a dozen internet searches and can't find the answer. It's probably simple, but I'd like to find out anyway.

What do I need to do in order to update the version of OpenSSL that is included in the Apache HTTP server release? I've installed OpenSSL 1.0.1g on the server, but the older version is still in the apache /bin directory. Do I simply replace the openssl executable or is there some kind of change that needs to be made in the httpd.conf file to point to the newer installation?

+1 vote

In my RHEL system I have enabled a port using,

/usr/bin/firewall-cmd --zone=public --add-port=50000/tcp --permanent

Now how will I disable it? Can anyone help?

...