Heartbleed Bug - OpenSSL


Hello and thank you for being a PrestaShop user.
I am reaching out because there is a recent OpenSSL bug that may affect your PrestaShop installation. This is not a PrestaShop bug but a global internet security flaw that has been picked up by researchers.

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure it.


You can find detailed information on what it is and how to fix it here, http://heartbleed.com/ and http://www.inmotionhosting.com/support/news/general/heartbleed-0-day-openssl-security-bug


Best Regards,

Benjamin

Hey Benjamin! Thanks for linking to us about this issue.

 

PrestaShop users can check the server their PrestaShop website is running on very easily for the OpenSSL Heartbleed bug. Simply throw the phpinfo() function into a PHP script, access that script in your web browser and search for OpenSSL.

<?php
phpinfo();
?>

Only versions 1.0.1 - 1.0.1f of OpenSSL were vulnerable as they were the only ones to include the heartbeat support which has the exploit in it.

 

If you see you're running a possibly vulnerable version, you'll want to double-check with your web host to make sure that it has been patched. If you have root access to the server you can run this command to see that info in the OpenSSL changelog:

rpm -q openssl && rpm -q --changelog openssl | head -10

If you see mention of fix CVE-2014-0160 then you should be patched against this exploit.

 

More info is available here http://www.inmotionhosting.com/support/website/security/protect-data-fix-openssl-heartbleed-bug

 

- Jacob

  • Like 3
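
The two checks described in the post above (version range, then changelog entry) combined into one script, as an added example that is not part of the original posts. The function names are hypothetical, and the package names and changelog lines are constructed samples so the script runs without rpm installed.

```shell
#!/bin/sh
# Added example: names and sample data below are constructed for illustration.

# "openssl-1.0.1e-16.example.x86_64" -> "1.0.1e" (first line only, for multilib hosts)
upstream_version() {
    printf '%s\n' "$1" | sed -n 's/^openssl-\([0-9][0-9.]*[a-z]*\)-.*/\1/p' | head -n 1
}

# True for the range given in the post: 1.0.1 through 1.0.1f.
in_heartbleed_range() {
    case "$1" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = output of `rpm -q openssl`, $2 = full output of `rpm -q --changelog openssl`.
# The whole changelog is searched, since later updates can push the fix entry
# below the first ten lines.
assess() {
    ver=$(upstream_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if ! in_heartbleed_range "$ver"; then echo "not-in-range"; return 0; fi
    if printf '%s\n' "$2" | grep -q 'CVE-2014-0160'; then
        echo "in-range-patched"      # changelog records the fix
    else
        echo "in-range-unpatched"    # ask the host to update OpenSSL
    fi
}

# On an RPM-based server, call: check_host
check_host() {
    assess "$(rpm -q openssl)" "$(rpm -q --changelog openssl)"
}

# Constructed sample data (not captured from a real server).
SAMPLE_PKG='openssl-1.0.1e-16.example.x86_64'
SAMPLE_FIXED='* Mon Apr 07 2014 Packager <packager@example.com> 1.0.1e-16
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension'
SAMPLE_UNFIXED='* Wed Jan 08 2014 Packager <packager@example.com> 1.0.1e-15
- unrelated constructed changelog entry'

echo "patched build:   $(assess "$SAMPLE_PKG" "$SAMPLE_FIXED")"
echo "unpatched build: $(assess "$SAMPLE_PKG" "$SAMPLE_UNFIXED")"
echo "newer upstream:  $(assess 'openssl-1.0.1g-1.example.x86_64' '')"
```

A version inside the range with the CVE-2014-0160 entry in its changelog reports as patched, which is why the version string shown by phpinfo() alone cannot settle the question.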