Failed to upgrade Openssl to 1.0.1g

November 21, 2014 812 views

Droplet: wct-staging

I did openssl upgrade per below 3 steps, seen from community/tutorials:
sudo apt-get update
sudo apt-get dist-upgrade
sudo shutdown -r now

However, the openssl version is still 1.0.1f. Please guide me how to upgrade to 1.0.1g.

~# openssl version -a
OpenSSL 1.0.1f 6 Jan 2014
built on: Wed Oct 15 17:43:26 UTC 2014
platform: debian-amd64

Thank you!


1 Answer

openssl version 1.0.1f is not necessarily vulnerable as security patches are shipped on top of it. What you need to look for is the distribution's patch version. For instance, the latest version in Ubuntu 140.04 is 1.0.1f-1ubuntu2.7 You can check this by running:

apt-cache policy openssl
Have another answer? Share your knowledge.