SGIS updates & advice

OpenSSL vulnerability

A recent vulnerability has been identified on some versions of OpenSSL which makes it possible for attackers to read keys, passwords or any personal information passed over SSL by taking advantage of a coding weakness. More details on this bug can be found here heartbleed.com/.

Sites hosted on our shared servers

A fix has already been added to our shared servers and we are in the process of automatically re-issuing SSL certificates on our shared servers. If you run a site on our shared servers there is nothing you need to do.

VPSs and dedicated servers

If you run your own VPS or server with us it is important you check to see if this weakness affects you. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1.

1. To check what version you’re currently running you can run the below command:

openssl version

2. If you’re running a vulnerable version you’ll then to update OpenSSL by running the below command.

yum update

3. Then

yum upgrade

You can also run a remote check to see if your server/sties are affected here filippo.io/Heartbleed

If you have any concerns please get in touch with our support team here contact support.

Comments

Comments

Comments