A serious vulnerability called the Heartbleed bug has been found in most current implementations of OpenSSL, versions 1.0.1 up to 1.0.1f. It can be used to obtain the private key of an SSL connection, so it is important to update the server immediately. The bug is fixed in OpenSSL 1.0.1g. All major Linux distributions have released updates for the vulnerability.
To find out whether your server is affected, run this command (you will thank me later, of course)
This prints the version number of OpenSSL. If the output looks like the line below, you may be vulnerable.
OpenSSL 1.0.1e 11 Feb 2013
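As an added example (not part of the original post), here is a small POSIX sh helper that classifies an `openssl version` banner against the affected range, 1.0.1 through 1.0.1f; the function names are my own. Note that distributions often backport the fix while keeping the old upstream version string, so a match here means the package changelog or advisory needs checking, not that the server is confirmed vulnerable.

```shell
#!/bin/sh
# Classify an `openssl version` banner as in or out of the Heartbleed range.
# Affected upstream releases: 1.0.1 through 1.0.1f (fixed in 1.0.1g);
# 1.0.0 and 0.9.8 never shipped the heartbeat code and are not affected.
# Caveat: distro packages often backport the fix without bumping the
# upstream version string, so a hit here means "check the package advisory".

# Returns 0 when the banner names an affected upstream version, 1 otherwise.
heartbleed_version_affected() {
    banner="$1"
    # Second word of "OpenSSL 1.0.1e 11 Feb 2013" is the version token.
    ver=$(printf '%s\n' "$banner" | awk '{print $2}')
    case "$ver" in
        1.0.1|1.0.1[a-f]) return 0 ;;   # 1.0.1 (no letter) and 1.0.1a..1.0.1f
        1.0.1-*)          return 0 ;;   # 1.0.1 pre-release builds (beta)
        1.0.2-beta1)      return 0 ;;   # the one 1.0.2 pre-release that was affected
        *)                return 1 ;;   # 1.0.1g+, 1.0.0*, 0.9.8*, 1.0.2 final, ...
    esac
}

# Convenience wrapper: prints a verdict for the openssl binary in PATH.
# Exit codes: 0 = affected by version string, 1 = outside range, 2 = no openssl.
check_local_openssl() {
    if ! banner=$(openssl version 2>/dev/null); then
        echo "openssl not found in PATH"
        return 2
    fi
    if heartbleed_version_affected "$banner"; then
        echo "IN AFFECTED RANGE: $banner (verify against your distro's advisory)"
        return 0
    fi
    echo "not in affected range: $banner"
    return 1
}
```

Run `check_local_openssl` on the host, or feed a banner collected from a remote box to `heartbleed_version_affected` directly.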
Update OpenSSL according to the upgrade method for your Linux flavour. I will list the most common ones.
Debian based (including Ubuntu)
Red Hat based (Fedora and CentOS)
openSUSE (for the cool kids like myself)
And now for the million-dollar question: what must an ordinary user like me do?
Firstly, a number of people are spreading rumours that all hell has broken loose and the sky has fallen. No, it has not.
If you are very worried about this, Keep Calm and Change Your Passwords.
So which applications are really affected? The first thing that comes to mind for a myriad of users is Facebook. The good news is that Facebook patched their servers a few months ago, so this is no longer an issue, and your account is safe provided you have a good password. The same applies to Yahoo and Gmail.
©Mwaba Shannon Chisenga, M.Sc, CISSP
Image credit: Epoch Times