Failed to upgrade Openssl to 1.0.1g

November 21, 2014 1.5k views
wildchinait
By:
wildchinait

Droplet: wct-staging
IP: 104.131.83.155

I did openssl upgrade per below 3 steps, seen from community/tutorials: https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
sudo apt-get update
sudo apt-get dist-upgrade
sudo shutdown -r now

However, the openssl version is still 1.0.1f. Please guide me how to upgrade to 1.0.1g.

~# openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Wed Oct 15 17:43:26 UTC 2014
platform: debian-amd64

Thank you!

Steve

Log In to Comment
1 Answer
asb MOD November 21, 2014

openssl version 1.0.1f is not necessarily vulnerable as security patches are shipped on top of it. What you need to look for is the distribution's patch version. For instance, the latest version in Ubuntu 140.04 is 1.0.1f-1ubuntu2.7 You can check this by running:

apt-cache policy openssl
Reply
Have another answer? Share your knowledge.