Ubuntu – Update OpenSSL – Fix HeartBleed Vulnerability

In case you haven’t heard, a critical bug in the widely used OpenSSL library has been disclosed this week.

http://www.bbc.co.uk/news/technology-26971363

Despite the cool name and vector logo, Heartbleed is one of the scariest security bugs to hit the Internet in a long time.

 

I was able to query my own server to reveal memory dumps containing database table names and a few other interesting bits! Now if I was constantly doing that, I could grab and amass a great deal of useful info.

Once you have fixed your servers – update your passwords!

 

To update Ubuntu:

 

Step 1 – Check your current OpenSSL version

Run openssl version -a

Note: the OpenSSL 0.9.8 branch is not vulnerable.

Versions earlier than 1.0.1 are not vulnerable (although you should upgrade now that a fix is live for the latest version).

 

If you are running Ubuntu 13.01 you Raring updates, so you may need to do it manually: 

Step 2 – Install the latest security updates

Run apt-get update followed by apt-get dist-upgrade

You might need to restart your server if prompted.

Step 3 – Check to make sure the patched version of OpenSSL was successfully installed

Run openssl version -a
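
Ubuntu backports the fix rather than moving to a new upstream release, so after Step 3 the version string can still read 1.0.1 with the same letter; the "built on" date is the line that changes. The script below is an added example, not part of the original post: it classifies openssl version -a output using the upstream affected range (1.0.1 through 1.0.1f) and treats a build date of 7 April 2014 or later as a patched build, which is an assumption to confirm against the package version in the Ubuntu security notice. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# heartbleed_status: reads `openssl version -a` text on stdin and prints
#   not-affected | fixed-upstream | patched-build | vulnerable | unknown
heartbleed_status() {
    awk '
    BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
            for (i = 1; i <= 12; i++) mon[m[i]] = i }
    # First line, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
    $1 == "OpenSSL" && ver == "" { ver = $2 }
    # e.g. "built on: Mon Apr  7 20:33:19 UTC 2014" -> 20140407
    /^built on:/ && ($4 in mon) { built = $NF * 10000 + mon[$4] * 100 + $5 }
    END {
        # 0.9.x and 1.0.0 never shipped the heartbeat code.
        if (ver ~ /^0\./ || ver ~ /^1\.0\.0/) { print "not-affected"; exit }
        # Other branches are outside what this check covers.
        if (ver !~ /^1\.0\.1/) { print "unknown"; exit }
        # 1.0.1g and later letters carry the upstream fix.
        if (substr(ver, 6, 1) ~ /^[g-z]$/) { print "fixed-upstream"; exit }
        # 1.0.1 through 1.0.1f: only the build date separates a distro
        # backport from the original package (assumed cutoff 2014-04-07).
        if (built == 0) { print "unknown"; exit }
        print (built >= 20140407 ? "patched-build" : "vulnerable")
    }'
}

# Daemons started before the upgrade keep the old library mapped until
# restarted; list their PIDs (run as root to see every process).
stale_libssl_pids() {
    grep -l 'libssl.*(deleted)' /proc/[0-9]*/maps 2>/dev/null | cut -d/ -f3
}

# Constructed sample outputs, trimmed to the two lines the check reads.
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
built on: Wed Jan  8 20:45:51 UTC 2014'
SAMPLE_PATCHED='OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr  7 20:33:19 UTC 2014'

printf '%s\n' "$SAMPLE_OLD" | heartbleed_status
printf '%s\n' "$SAMPLE_PATCHED" | heartbleed_status
# Live use: openssl version -a | heartbleed_status
```

After upgrading, restart any service whose PID stale_libssl_pids lists, or reboot, so that nothing keeps running on the old library.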