Steps shown below to fix the openssl heartbleed issue do not appear to be working on my DO 13.10 server.
http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl
I am getting very frustrated with this. None of the suggestions worked for me on Ubuntu 12.10. Running apt-get did not upgrade OpenSSL to the latest version and this is in spite of etc/apt/source-list file pointing directly to ubuntu.com. (I pasted the file below)

How do I upgrade OpenSSL without using Ubuntu’s site? I know it’s open source and I could theoretically git-pull the source and compile it myself, but I haven’t touched a C compiler since college, so I would rather not do this.

source-list:
deb http://archive.ubuntu.com/ubuntu quantal main
deb http://archive.ubuntu.com/ubuntu quantal-updates main
deb http://security.ubuntu.com/ubuntu quantal-security main
deb http://archive.ubuntu.com/ubuntu quantal universe
deb http://archive.ubuntu.com/ubuntu quantal-updates universe

deb-src http://archive.ubuntu.com/ubuntu precise main
deb-src http://archive.ubuntu.com/ubuntu precise-updates main
deb-src http://security.ubuntu.com/ubuntu precise-security main
deb-src http://archive.ubuntu.com/ubuntu precise universe
deb-src http://archive.ubuntu.com/ubuntu precise-updates universe
Hi guys, this quick tutorial helps to apply the last update to secure your server: https://www.youtube.com/watch?v=sq7Eib02Rb8

Kind regards,
Valentín
@darth_schmoo

Right, support for non-LTS versions of Ubuntu has been reduced to 9 months. See:

http://fridge.ubuntu.com/2013/03/19/changes-in-ubuntu-releases-decided-by-the-ubuntu-technical-board/
https://wiki.ubuntu.com/Releases
Ah. 13.04 is an EOL distro. Really? Only supporting it for one year? Bollocks.
The best way I’ve found to make sure you’re not compromised on an Ubuntu droplet:

apt-get changelog openssl | grep 2014-0160

If you get a hit, the library you’re currently using has been updated to address Heartbleed specifically. This approach is less error-prone than library versions, because sometimes your OS provider will release a fixed version of the old library you were using.

Weirdly, I’m on Ubuntu 13.04, getting my updates directly from Ubuntu (rather than a DOcean mirror), and the apt-get update / apt-get upgrade cycle didn’t fix it. I’ve only been toying with SSL for my site anyhow.
In most cases, upgrading will pull in the fix. For a more detailed rundown of the situation, see this article:

https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability
@ Tony Tsang
Thanks for the confirmation, I did the upgrade and none of my configs seem broken, so I ought to be good now. Running 1.0.1-4ubuntu5.12
@Darren: A reboot may be required, and a lot more. See: http://security.stackexchange.com/questions/55075/does-heartbleed-mean-new-certificates-for-every-ssl-server/55087#55087
Is a reboot required after this?
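Added example, not written by anyone in this thread: a shell sketch that combines the changelog check quoted above with a check related to the reboot question, listing processes that still map a libssl/libcrypto file that an upgrade replaced on disk. The function names, the sample changelog and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# changelog_has_cve ID: read a package changelog on stdin and succeed if it
# mentions CVE-ID. On a real host (command taken from the thread):
#   apt-get changelog openssl | changelog_has_cve 2014-0160
changelog_has_cve() {
    grep -q "CVE-$1"
}

# stale_ssl_pids [PROC_ROOT]: print PIDs of processes whose memory map still
# references a libssl/libcrypto file marked "(deleted)", i.e. replaced on disk
# by an upgrade. Such processes run the old code until they are restarted.
# Run as root to be able to read the maps of every process.
stale_ssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# make_sample_proc: build a constructed /proc-like tree so the demo runs
# offline. PID 101 maps a replaced library, PID 202 maps the current one.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir "$d/101" "$d/202"
    echo '7f00-7f01 r-xp 00000000 08:01 11 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)' > "$d/101/maps"
    echo '7f00-7f01 r-xp 00000000 08:01 12 /lib/x86_64-linux-gnu/libssl.so.1.0.0' > "$d/202/maps"
    echo "$d"
}

# Constructed changelog excerpt (not copied from a real package).
SAMPLE_CHANGELOG='openssl (0.0-constructed) example; urgency=medium
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - CVE-2014-0160'

printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_has_cve 2014-0160 \
    && echo "changelog mentions CVE-2014-0160"
sample=$(make_sample_proc)
echo "processes still using the replaced library: $(stale_ssl_pids "$sample")"
rm -rf "$sample"
```

Called with no argument, `stale_ssl_pids` reads the live /proc; any PID it prints belongs to a service that needs a restart (or the host a reboot) before the patched library is actually in use.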
Tony Tsang: Thanks! Ran the update/upgrade again then checked. Indeed, I am now on 1.0.1e-3ubuntu1.2.