Heartbleed Bug Patched for All Servers

We are happy to announce that the Heartbleed Bug (CVE-2014-0160) has been patched on all of our servers that were vulnerable to it. Along with the patch, we were required to restart the affected services, including LiteSpeed Web Server, cPanel & WHM, Mail Services, FTP Services, etc., and there was a brief service interruption due to the restart.
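
The restart matters because a running process keeps the old OpenSSL library mapped even after the file on disk has been replaced. The following check is an added example, not part of the original announcement: it lists processes that still map a replaced `libssl`/`libcrypto`. It assumes Linux `/proc` and dynamically linked OpenSSL; the function name and the `proc_root` parameter are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post).
# After a library upgrade the old file is unlinked, and the kernel marks the
# mappings of processes that still use it with " (deleted)" in /proc/PID/maps.
# Such processes keep executing the pre-patch code until they are restarted.
#
# Limits: statically linked or bundled OpenSSL copies are not detected, and
# maps files of other users' processes are only readable when run as root.
#
# proc_root is a parameter (hypothetical) so the check can also be run
# against a constructed directory tree.
stale_openssl_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we may not inspect.
        [ -r "$maps" ] || continue
        # Match libssl.so* / libcrypto.so* only (not e.g. NSS's libssl3.so).
        grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null || continue
        dir=${maps%/maps}
        name=$(cat "$dir/comm" 2>/dev/null) || name='?'
        echo "${dir##*/} $name"
    done | sort -n
}

# Prints "PID name" for every process that still needs a restart;
# empty output means no stale mapping was found.
stale_openssl_procs "${1:-/proc}"
```
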

Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed Bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

UPDATE: All server-level certificates have been reissued as well, as a precautionary measure.

  • JP

    Hello,

    It looks like you did not revoke and reissue your SSL certificates, at least there: https://aspireplus-s1.aspirationhosting.com:2083/
    Are you planning to fix that?

    • So far all indications show that the SSL Private Key cannot be obtained easily with the Heartbleed Bug, especially when we do not restart our servers very often at all (we do not need to restart our servers to upgrade our kernel as we use Ksplice Rebootless Kernel).

      Anyway, we are gradually reissuing and reinstalling the SSL Certificates for our servers, but the process may take some time due to the large number of servers and because the risk is very low.