Tuesday, April 8, 2014

Heartbleed OpenSSL Bug

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing information that is normally protected by the SSL/TLS encryption used to secure it.

You are likely affected if you have configured and run an SSL-enabled website (meaning that you can access it using the https:// prefix instead of http://). You will need to patch the libraries on your system and replace the certificates and keys that may have been compromised. Please note that remote access using ssh is NOT affected.

You can find detailed information and next steps on how to patch your Bitnami installation at the following URL: https://wiki.bitnami.com/security/2014-04_Heartbleed_Bug

Earlier today we notified all Bitnami users who may have been affected and for whom we have an email address on file. We have also started building updated images for all cloud providers that we support. Please direct any questions you have about this issue to our community website, where we have started a discussion around the Heartbleed Bug: http://community.bitnami.com/t/heartbleed-and-bitnami/23497

This is a serious bug. If you are running an SSL production website, you need to patch your installation as soon as possible. If you are not running SSL or are just using Bitnami stacks for local development, you are not at risk, but it is a good idea to upgrade anyway.


2 comments:

  1. What must I do to "regenerate new certificates and configure them again" as mentioned at the end of the posted link?

  2. It depends on your certificate provider, but it would be the exact steps that you took to create your current certificate from your current provider. If you just have a dummy / example certificate (the default) then it does not really apply to you.

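Whatever your provider's procedure is, the certificate request has to be built from a new private key, because the post asks you to replace keys as well as certificates. The script below is an added example, not part of the original post or of Bitnami's instructions: it generates a fresh key and CSR and checks that the CSR does not reuse the key in the old certificate. The file names and www.example.com are assumptions.

```bash
#!/usr/bin/env bash
# Added example: replace a possibly exposed TLS key and prove the key changed.
# File names and www.example.com are assumptions (constructed values).

# SHA-256 fingerprint of the public key in a certificate, CSR or private key.
# $1 = cert|csr|key, $2 = PEM file
pubkey_fp() {
  local pub
  case "$1" in
    cert) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
    csr)  pub=$(openssl req -in "$2" -noout -pubkey) ;;
    key)  pub=$(openssl pkey -in "$2" -pubout) ;;
    *)    return 2 ;;
  esac || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Create a new 2048-bit RSA key (owner-readable only) and a CSR for it.
# $1 = output directory, $2 = common name
new_key_and_csr() {
  ( umask 077 && openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/server.key.new" 2>/dev/null ) || return 1
  openssl req -new -key "$1/server.key.new" -subj "/CN=$2" -out "$1/server.csr.new"
}

# Succeeds only if the CSR's public key differs from the old certificate's.
# $1 = old certificate, $2 = new CSR
key_was_rotated() {
  local old new
  old=$(pubkey_fp cert "$1") && new=$(pubkey_fp csr "$2") || return 2
  [ "$old" != "$new" ]
}

demo() {
  local d; d=$(mktemp -d) || return 1
  # Constructed self-signed pair standing in for the old, possibly exposed one.
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=www.example.com" -days 1 \
    -keyout "$d/server.key" -out "$d/server.crt" 2>/dev/null || return 1
  new_key_and_csr "$d" www.example.com || return 1
  key_was_rotated "$d/server.crt" "$d/server.csr.new" && echo "OK: CSR uses a new key"
  # A CSR built from the old key is the mistake this check catches.
  openssl req -new -key "$d/server.key" -subj "/CN=www.example.com" -out "$d/reused.csr"
  key_was_rotated "$d/server.crt" "$d/reused.csr" || echo "FAIL: CSR reuses the old key"
  rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The CSR in server.csr.new is what goes to your certificate provider; the issued certificate is then installed together with server.key.new.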