How to upgrade OpenSSL on CentOS 6.5 to protect against heartbleed?

Question

When I go to run:

root@vps [~]# yum update -y openssl

I get:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.beyondhosting.net
 * extras: centos.mirror.nac.net
 * updates: centos.netnitco.net
Setting up Update Process
No Packages marked for Update

And if I run:

root@vps [~]# yum info openssl

I get this, which is not the latest version of OpenSSL and is vulnerable to heartbleed:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.beyondhosting.net
 * extras: centos.mirror.nac.net
 * updates: centos.netnitco.net
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 16.el6_5.7
Size        : 4.0 M
Repo        : installed
From repo   : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
            : between machines. OpenSSL includes a certificate management tool
            : and shared libraries which provide various cryptographic
            : algorithms and protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 16.el6_5.7
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
            : between machines. OpenSSL includes a certificate management tool
            : and shared libraries which provide various cryptographic
            : algorithms and protocols.

Or is this version of 1.0.1e not vulnerable to heartbleed for some reason?

Answer 1

16.el6_5.7 is the patched version with the fix (see the package info on the Scientific Linux site).