Red Hat and the openssl_1.0.1 heartbleed bug

  • 7014998
  • 02-May-2014
  • 02-May-2014

Environment

Red Hat 6

Situation

The openssl versions openssl-1.0.1e-15 through openssl-1.0.1e-16.el6_5.4 contain a significant bug called "heartbleed" (CVE-2014-0160). The bug allows anyone who can reach the server over the internet to read parts of its memory. Each read is limited to 64 KB, but requests can be repeated many times to gather confidential information, and network-level protections do not help because the bug lies in the server itself. Security keys, passwords, usernames, emails, and other confidential information could be leaked. An attacker cannot request specific information; each response returns whatever happens to be in RAM at that moment.

Resolution

The openssl-1.0.1e-16.el6_5.7 patch has been released and needs to be applied. Patch using the normal Red Hat methods through the Subscription Management Tool (TID 7004324) or SUSE Manager (documentation).
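As an added example (not part of this TID), the following script checks the installed openssl package against the version ranges listed above. It assumes an rpm-based host and uses a simplified re-implementation of rpm's version ordering, which is sufficient for these version strings.

```python
import re
import subprocess

# Affected and fixed openssl builds for Red Hat 6, as listed in this TID.
FIRST_VULNERABLE = "1.0.1e-15"
LAST_VULNERABLE = "1.0.1e-16.el6_5.4"
FIXED = "1.0.1e-16.el6_5.7"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpm version ordering: split into digit/alpha runs, compare
    numeric runs as integers, a numeric run beats an alphabetic one, and the
    string with more segments wins when all shared segments are equal.
    (Real rpm also handles '~' and '^'; these builds use neither.)"""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def heartbleed_status(version_release):
    """Classify an openssl VERSION-RELEASE string against the TID's ranges."""
    if rpmvercmp(version_release, FIXED) >= 0:
        return "fixed"
    if (rpmvercmp(version_release, FIRST_VULNERABLE) >= 0
            and rpmvercmp(version_release, LAST_VULNERABLE) <= 0):
        return "vulnerable"
    return "outside listed range"


def installed_openssl():
    """Live query: VERSION-RELEASE of each installed openssl package.
    Multilib hosts may return both the i686 and x86_64 builds."""
    out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}\n", "openssl"],
                         capture_output=True, text=True, check=True).stdout
    return out.strip().splitlines()


if __name__ == "__main__":
    for vr in installed_openssl():
        print(vr, heartbleed_status(vr))
```

Updating the package does not replace the library already mapped into running processes, so restart the services that link against libssl (or reboot) after applying the patch.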