Question

Failed to upgrade Openssl to 1.0.1g

Posted November 21, 2014 2.1k views

Droplet: wct-staging
IP: 104.131.83.155

I did openssl upgrade per below 3 steps, seen from community/tutorials: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
sudo apt-get update
sudo apt-get dist-upgrade
sudo shutdown -r now

However, the openssl version is still 1.0.1f. Please guide me how to upgrade to 1.0.1g.

~# openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Wed Oct 15 17:43:26 UTC 2014
platform: debian-amd64

Thank you!

Steve

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

openssl version 1.0.1f is not necessarily vulnerable as security patches are shipped on top of it. What you need to look for is the distribution’s patch version. For instance, the latest version in Ubuntu 140.04 is 1.0.1f-1ubuntu2.7 You can check this by running:

apt-cache policy openssl
Submit an Answer