Ubuntu – Update OpenSSL – Fix HeartBleed Vulnerability

In case you haven’t heard, a critical bug in the widely used OpenSSL library has been disclosed this week.


Despite the cool name and vector logo, Heartbleed is one of the scariest security bugs to hit the Internet in a long time.


I was able to query my own server to reveal memory dumps containing database table

names and a few other interesting bits!

Once you have fixed your servers – update your passwords!Now if I was constantly doing that, I could grab and amass a great deal of useful info.


For updating Ubuntu..


Step 1 – Check your current OpenSSL version

Run openssl version -a

Note: OpenSSL 0.9.8 branch is not vulnerable

Versions earlier than 1.0.1 are not vulnerable (although you should upgrade now that a fix is live for the latest version).


If you are running Ubuntu 13.01 you Raring updates, so you may need to do it manually: 

Step 2 – Install the latest security updates

Run apt-get update followed by apt-get dist-upgrade

You might need to restart your server if prompted.

Step 3 – Check to make sure the patched version of OpenSSL successfully installed

Run openssl version -a