OpenSSL vulnerability (CVE-2014-0224)

Comments, suggestions, compliments, etc
spinmaster
Posts: 10
Joined: 2014/11/19 19:30:22

Re: OpenSSL vulnerability (CVE-2014-0224)

Post by spinmaster » 2014/11/22 22:03:22

Yes, cpanel is default installed by my hosting company.
Httpd is apache.

cpanel is the problem?

Thank you.

S.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: OpenSSL vulnerability (CVE-2014-0224)

Post by gerald_clark » 2014/11/22 22:15:59

Yes. Cpanel replaces CentOS programs with its own and then cripples yum.
We can no longer support that machine as any advice we give may further damage your system.
Cpanel is a commercial product with its own support channels. You will need to use those channels.

spinmaster
Posts: 10
Joined: 2014/11/19 19:30:22

Re: OpenSSL vulnerability (CVE-2014-0224)

Post by spinmaster » 2014/11/24 19:43:59

Thank you very much for your generous help on this.

Partly thanks to your advice, I was able to convince the hosting company admins to investigate this into the right direction and fix it via unlinking/reinstall/recompile.
Otherwise they would have insisted it's all patched and I am getting false positive hits.

Many thanks, and hats off to your expertise.

S.

Post Reply