OpenSSL security vulnerabilities and our outward facing web servers

You may have read about the "Heartbleed" bug, in which SSL connections can be compromised.
This only affects SSL connections (HTTPS://).

 
The versions affected, according to the information on the web, are 1.0.1 and 1.0.1a through 1.0.1f.
The bug is not present in 1.0.1g, nor is it present in the 1.0.0 branch or the 0.9.8 branch of OpenSSL.
Some sources report 1.0.2-beta is also affected by this bug at the time of writing.
WE MAY NEED TO REGENERATE SSL CERTIFICATES for our affected Web Servers.

You can see a more complete article at

   http://www.mysqlperformanceblog.com/2014/04/08/openssl-heartbleed-cve-2014-0160/

On the following servers, we have the following versions, which are not affected by this bug.

research4 and all its hosted websites: openssl-0.9.8e-27.el5_10.1

research3/transfer: openssl-0.9.8e-22.el5_8.4

mht: openssl-1.0.0e-1.fc14.x86_64

rcgw1: openssl-0.9.8n-2.fc11.i686

rcwp (reverse proxy server): openssl-0.9.8e-12.el5_5.

dfhccweb: openssl-0.9.8e-12.el5_4.6

hccprod1/hccprod2: openssl-1.0.0-25.el6_3.1.x86_64

road.dfci.harvard.edu: openssl-1.0.0-25.el6_3.1.x86_64

protocol-activation: openssl-1.0.0-25.el6_3.1.x86_64

mazzone: openssl-1.0.0-25.el6_3.1.x86_64

macf-data: openssl-1.0.0-20.el6_2.5.x86_64

macf-web (ubuntu): 0.9.8k-7ubuntu8

premm: openssl-1.0.0-25.el6_3.1.x86_64

mdl-web (ubuntu): 0.9.8k-7ubuntu8

rcprojects: openssl-1.0.0-27.el6_4.2.x86_64

ON UBUNTU, the following updates have been implemented:

These are the servers that would need new SSL certificates.

All of our servers are running Ubuntu 12.04 LTS.


These updates (libssl1.0.1-4ubuntu5.12/openssl 1.0.1-4ubuntu5.12) fix the bug.

OUR UBUNTU SERVERS:

cortex (tonido server):

   openssl: 1.0.1-4ubuntu5.12

   libssl: 1.0.1-4ubuntu5.12

cfce1:

   openssl: 1.0.1-4ubuntu5.12

   libssl: 1.0.1-4ubuntu5.12

cfce2:

   openssl: 1.0.1-4ubuntu5.12

   libssl: 1.0.1-4ubuntu5.12
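
The version check applied to the inventory above can be scripted. The following is an added example, not part of the original page: it classifies package strings against the affected range and the fixed Ubuntu build stated above. The function names, status labels and the "constructed-host" entry are assumptions made for illustration.

```python
import re

# Upstream releases the page lists as affected: 1.0.1 and 1.0.1a through 1.0.1f.
AFFECTED_UPSTREAM = {"1.0.1"} | {"1.0.1" + c for c in "abcdef"}
# Package build the page says carries the fix although upstream is still 1.0.1.
PATCHED_BUILDS = {"1.0.1-4ubuntu5.12"}

_PKG = re.compile(r"^(?:openssl-|libssl)?(\d+\.\d+\.\d+[a-z]?)(?:-(.*))?$")

def classify(package):
    """Classify one package/version string against the ranges given on the page."""
    m = _PKG.match(package.strip())
    if not m:
        return "unknown"
    upstream, release = m.group(1), m.group(2) or ""
    if f"{upstream}-{release}" in PATCHED_BUILDS:
        return "patched-build"
    if upstream == "1.0.2" and release.startswith("beta"):
        return "reported-affected"      # "some sources report 1.0.2-beta"
    if upstream in AFFECTED_UPSTREAM:
        # Distros backport fixes without changing the upstream number, so the
        # release suffix still has to be checked against the vendor advisory.
        return "affected-unless-backported"
    if upstream == "1.0.1g" or upstream.startswith(("1.0.0", "0.9.8")):
        return "not-affected"
    return "not-listed"                  # the page makes no statement

def needs_followup(inventory):
    """Return {host: status} for hosts that are not clearly safe."""
    flagged = {}
    for host, package in inventory.items():
        status = classify(package)
        if status not in ("not-affected", "patched-build"):
            flagged[host] = status
    return flagged

# Host/package pairs copied from the page, plus one constructed entry.
SAMPLE = {
    "research4": "openssl-0.9.8e-27.el5_10.1",
    "mht": "openssl-1.0.0e-1.fc14.x86_64",
    "macf-web": "0.9.8k-7ubuntu8",
    "cfce1": "1.0.1-4ubuntu5.12",
    "constructed-host": "openssl-1.0.1e-0.example",   # constructed, not from the page
}

if __name__ == "__main__":
    for host, status in needs_followup(SAMPLE).items():
        print(host, status)
```

A host that was running an affected build before it was patched still appears as "patched-build" here, so the certificate question raised above has to be tracked separately from the current package version.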