Protect Your Systems From ‘Heartbleed’ OpenSSL Vulnerability

Part of our Fanatical Support promise is to ensure the security and health of your systems. It is of the utmost importance to us. So when the entire Linux Community, including Rackspace, was notified yesterday of the “Heartbleed” vulnerability within OpenSSL (CVE-2014-0160), the encryption software found in many Linux systems, we began plans to proactively patch your affected servers where we could.

Check out how we used expertise at scale to help our customers through Heartbleed.

We are working to patch systems for all customers whose servers we have access to, unless they’ve specifically noted that they do not want us to patch their systems. We cannot patch servers for core cloud customers or managed colocation customers, and recommend you check out this page for additional information and patching instructions:

Our proactive patching is happening in an opt-out model based on each specific service offering. Customers will be contacted based on the specific products they use (if you utilize five different Rackspace services, you may receive a note about how we’re updating and patching each service). And for Rackspace customers who are on Rackspace infrastructure, we have updated our infrastructure to close off the vulnerability.

Systems with the Heartbleed vulnerability may allow an attacker to read chunks of memory from a remote system, meaning an attacker could access your servers remotely and pull back sensitive data including, but not limited to, passwords, session tokens, or private keys. No trace of the attack remains on the system after the attacker has taken the data. The attacker can run the attack multiple times and gain access to different data from the server depending on what’s being stored in RAM.

Almost all current Linux distributions are affected by this vulnerability and the largest distributions have released updated packages. Some of the affected distributions include Red Hat Enterprise Linux 6.5, CentOS 6.5, Ubuntu 12.04 (and newer versions), Fedora 18 (and newer versions), and Debian Wheezy (and newer versions).

If you’re running one of these distributions, there are some steps you must take as soon as possible:

  • Update your system to the latest available version of OpenSSL using yum, apt-get, or your system’s package manager
  • Restart all of your system services that utilize OpenSSL

Some of the most common services that use OpenSSL include:

  • Web services (including apache, nginx, lighttpd)
  • Mail services (including postfix, sendmail, qmail)
  • Database services (including mysql, mariadb, postgres)

There’s no need for a full system reboot. Simply restarting the affected services is sufficient to ensure that those services are using the new OpenSSL packages.
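A practical way to carry out the "restart everything that uses OpenSSL" step without guessing at the service list. This is an added example, not part of the original post: on Linux, a process that still maps the old libssl/libcrypto file after the package update shows that mapping as "(deleted)" in /proc/PID/maps, so the processes that still need a restart can be listed directly. It assumes Linux with /proc and a package update that replaced the .so files on disk.

```shell
#!/bin/sh
# Added example (not from the original post). After the OpenSSL packages are
# updated, any process that still has the OLD libssl/libcrypto mapped is still
# vulnerable until restarted. The kernel marks a mapping whose file has been
# replaced on disk with "(deleted)" in /proc/PID/maps, so stale mappings can be
# listed without knowing in advance which services link OpenSSL.
# Assumes Linux /proc and a package update that replaced the .so files.

# Read one process's /proc/PID/maps on stdin; print each libssl/libcrypto
# path that is marked "(deleted)", once.
stale_ssl_maps() {
    grep -E 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)$' | awk '{print $6}' | sort -u
}

# Walk all processes; print "PID<TAB>command<TAB>stale library" for those that
# must be restarted. Run as root so every process's maps file is readable.
find_processes_needing_restart() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        stale=$(stale_ssl_maps < "$maps" 2>/dev/null) || continue
        [ -n "$stale" ] || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        for lib in $stale; do
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Constructed sample maps content: the process kept the old libssl but already
# sees the new libcrypto; the stale glibc mapping is deliberately not reported.
SAMPLE_MAPS='7f0f8a2c1000-7f0f8a4c5000 r-xp 00000000 08:01 1052 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f0f8a6c5000-7f0f8a8c9000 r-xp 00000000 08:01 1053 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f0f8a9c5000-7f0f8aac9000 r-xp 00000000 08:01 1060 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)'

if [ "${1:-}" = "--live" ]; then
    find_processes_needing_restart                  # inspect this host
else
    printf '%s\n' "$SAMPLE_MAPS" | stale_ssl_maps   # demo on the constructed sample
fi
```

Run with `--live` on the patched host; an empty result means no running process still has the old library mapped, which is the condition the paragraph above describes.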

Once your servers are fully patched and critical servers are restarted, there are a few additional actions to take depending on the sensitivity level of your servers. For servers that contain highly sensitive data, such as PII (Personally Identifiable Information) or payment data, we recommend taking these additional steps:

  • Generate new keys for your SSL certificates and have those certificates re-issued
  • Reset critical passwords in web applications and in the base operating system
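The key rotation step is easy to get half right: a certificate re-issued from the old CSR still carries a key that Heartbleed may have disclosed. The following is an added example, not from the original post, that generates a fresh key and CSR and then checks two things a practitioner wants confirmed before deploying: that the new key really differs from the old one, and that the re-issued certificate belongs to the new key. It assumes the openssl command-line tool; all file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): rotate a server key after
# patching and verify that the re-issued certificate really uses the new key.
# Assumes the openssl CLI is installed; file names below are placeholders.

# Create a fresh 2048-bit RSA key and a CSR for it. The old key must not be
# reused: re-issuing a certificate on a possibly disclosed key buys nothing.
make_new_key_and_csr() {   # $1 = new key path, $2 = csr path, $3 = common name
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$1" -out "$2" -subj "/CN=$3" 2>/dev/null
}

# SHA-256 of an RSA key's public modulus, so keys can be compared without
# printing private material.
key_modulus_hash() {
    openssl rsa -noout -modulus -in "$1" 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Same digest taken from the public key inside a certificate.
cert_modulus_hash() {
    openssl x509 -noout -modulus -in "$1" 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the two key files carry different moduli, i.e. rotation happened.
key_was_rotated() {   # $1 = old key, $2 = new key
    [ "$(key_modulus_hash "$1")" != "$(key_modulus_hash "$2")" ]
}

# True when the certificate's public key belongs to the given private key.
cert_matches_key() {   # $1 = certificate, $2 = private key
    c=$(cert_modulus_hash "$1")
    [ -n "$c" ] && [ "$c" = "$(key_modulus_hash "$2")" ]
}

# Usage: sh rotate-check.sh old.key new.key reissued.crt
if [ "$#" -eq 3 ]; then
    key_was_rotated "$1" "$2" && echo "key rotated" || echo "WARNING: new key equals old key"
    cert_matches_key "$3" "$2" && echo "certificate matches new key" || echo "WARNING: certificate does not match new key"
fi
```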

As always, we’re here to help. That’s the Rackspace difference (vs. competitors that only offer raw infrastructure). When you sign up with Rackspace, you get the added value of technical experts and Fanatical Support to help make sure you’re protected and your website, app or business remains online. Your support team can verify if your servers have this vulnerability and they can assist you with the necessary updates.

If you have any further questions or concerns, please contact a member of your Fanatical Support team via phone, ticket, or chat from your Cloud Control Panel or MyRackspace Customer Portal.

Tune In To Our Google+ Hangout For More Information
At 1 p.m. CDT Wednesday, April 16 Rackspace will host a live Google+ Hangout “Stop the bleeding: How to patch Heartbleed at scale.” Tune in to learn more about Heartbleed and how Rackspace identified and patched thousands of servers impacted by the Heartbleed OpenSSL vulnerability. We will be joined by several specialist Rackers who determined the severity of the vulnerability, and responded to the issue at a sizable scale. You can register for the Hangout here.

Major Hayden builds OpenStack clouds as a principal architect at Rackspace. Major is a core developer in the OpenStack-Ansible project with a focus on improving information security in OpenStack deployments. He holds multiple Red Hat and Global Information Assurance Certification (GIAC) certifications and has written extensively about securing virtualized Linux environments. Outside of OpenStack, Major has contributed to several open source projects including dracut, systemd, and Ansible. Within the Fedora Linux community, he serves on the Fedora Security Team and Fedora Server Working Group. He enjoys writing on his personal blog, and he talks about technical topics on Twitter as @majorhayden.


  1. Servers that we manage are one thing, but what about Cloud Sites? Are they running any vulnerable versions of OpenSSL? I’ve got a few secure sites that may need new keys, if that is the case. Please advise.

    • Hi Brian,

      A quick update from my previous comment:

      Cloud Sites utilizes a system for customers running SSL sites that does not rely on OpenSSL. As such it was not vulnerable to the Heartbleed issue. Additionally, we have checked other internal systems that were running OpenSSL and they are using versions that were not affected.

      Thanks again,

  2. Hello Major,

    I have a performance server with Rackspace. It’s based on Ubuntu. I have updated the server, but is there any particular command I should use for updating the OpenSSL vulnerability, or will it be updated with the general upgrade command?

    • Hi,

      To answer your question, yes, a general upgrade does the work.

      If you want to do it manually, do the following.
      To update the listings do:
      # apt-get update
      and then to upgrade do:
      # apt-get upgrade

      I hope this helps.

  3. Hmm, it looks like your site ate my first comment (it was extremely long), so I guess I’ll just sum up what I had written and say,
    I’m thoroughly enjoying your blog. I too am an aspiring blogger but I’m still new to the whole
    thing. Do you have any suggestions for rookie blog writers?
    I’d genuinely appreciate it.

