Failed to upgrade Openssl to 1.0.1g

Posted November 21, 2014

Droplet: wct-staging IP: 104.131.83.155

I did openssl upgrade per below 3 steps, seen from community/tutorials: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability sudo apt-get update sudo apt-get dist-upgrade sudo shutdown -r now

However, the openssl version is still 1.0.1f. Please guide me how to upgrade to 1.0.1g.

~# openssl version -a OpenSSL 1.0.1f 6 Jan 2014 built on: Wed Oct 15 17:43:26 UTC 2014 platform: debian-amd64

Thank you!

Steve

wildchinait

Submit an answer

You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SB • November 21, 2014

openssl version 1.0.1f is not necessarily vulnerable as security patches are shipped on top of it. What you need to look for is the distribution’s patch version. For instance, the latest version in Ubuntu 140.04 is 1.0.1f-1ubuntu2.7 You can check this by running:

apt-cache policy openssl