We've already patched managed servers against OpenSSL vulnerabilities
If you manage your own Linux server(s), you have urgent work to do.
This week two high severity vulnerabilities have been reported in OpenSSL. All versions of OpenSSL from 3.0.0 to 3.0.6 are affected. Version 3.0.7 includes fixes for both.
We have already patched every server that we manage. If you have any Linux servers that you manage for yourself, it's your responsibility to take care of patching. We recommend that you act as soon as possible.
Depending on your Linux distro, this can be very simple. For example, if you're running the latest LTS version of Ubuntu (22.04), all you need to do is run a standard package upgrade.
The OpenSSL Vulnerabilities page has more information about the vulnerabilities themselves. Look for CVE-2022-3602 and CVE-2022-3786.
With Server Management, problems like this are already solved
At times like this, you really see why Server Management is such a good idea. For the second time this year (after PwnKit in January) we have been so fast to protect managed servers that a major vulnerability has been patched before we've even had time to blog about it.
Our managed customers have been able to get on with doing what they do best today, rather than worrying about server security and system administration. When we say that Server Management includes active threat monitoring and fast response times, this is what we're talking about.
If you'd like to add more peace of mind to your hosting, we're always ready to talk about adding active management to your servers.