How to patch my DO server to close the Heartbleed hole

Posted April 7, 2014 6.7k views
Steps shown below to fix the openssl heartbleed issue do not appear to be working on my DO 13.10 server.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
18 answers
If your droplet is using digital ocean's Ubuntu mirror, the problem is their security mirrors do not have libssl 1.0.1-4ubuntu5.12 on them at this time, despite their efforts.

You can work around this by editing /etc/apt/sources.list, comment out the 6 lines for precise-security on, and uncomment the 6 lines below that refer to

Then follow the instructions in the above post.
The DO mirror is now working for 12.04 LTS, at least on one of my droplets. So, for others:

I suggest trying a standard apt-get update/upgrade (or unattended-upgrade) first, and if you don't see libssl1.0.0 in the upgrade list, then try changing the sources.

Check installed version with: dpkg -l | grep openssl
apt-get update && apt-get upgrade

Thanks for the quick reply. As I mentioned in the post, I'm running 13.10, not 12.04.

I did go into sources.list and the following are *not* commented out:

deb saucy-security main restricted
deb-src saucy-security main restricted
deb saucy-security universe
deb-src saucy-security universe
deb saucy-security multiverse
deb-src saucy-security multiverse

Still no love running update/upgrade

I also tried uncommenting the following with no luck

deb saucy partner
deb-src saucy partner
deb saucy main
deb-src saucy main

apt-cache policy openssl

what version does it show?

If it is 1.0.1e-3ubuntu1.2, that mean you have the correct version.
Mine says "openssl 1.0.1-4ubuntu5.10"

Does that mean my droplet is vulnerable?

If i am vulnerable will running "apt-get update && apt-get upgrade" offer a possibility of breaking my current WordPress on LEMP setup?
Just wondering, but is running sudo apt-get update && sudo apt-get upgrade enough to get nginx to use the new version? Or will I have to rebuild nginx or something?

Thank you very much for posting this, I was about to make a question on this myself!

Check the link I post, for ubuntu 12.10 LTS the fixed version should be 1.0.1-4ubuntu5.12.

Simply update & upgrade is enough.

I am also using the DO mirrors and upgraded to lastest version with no problem.

Hope this help.
Tony Tsang: Thanks! Ran the update/upgrade again then checked. Indeed, I am now on 1.0.1e-3ubuntu1.2.
Is a reboot required after this?
Previous 1 2 Next