Hi, I’ve a few 14.04 and 14.10 droplets running production apps. I regularly run
sudo apt-get update && sudo apt-get upgrade on the machines whenever I log in if there are security patches and the like listed in the MOTD. Each of these droplets are based on a snapshot of a base droplet (with all my setup ready to go).
Recently there has been chatter about a new openSSL bug, so I went to check which version I’ve got and whether it’s the most up-to-date.
When I run the following I get:
OpenSSL 1.0.1f 6 Jan 2014
libssl-ocaml - OCaml bindings for OpenSSL (runtime) libssl-ocaml-dev - OCaml bindings for OpenSSL libssl0.9.8 - SSL shared libraries libsslcommon2 - enterprise messaging system - common SSL libraries libsslcommon2-dev - enterprise messaging system - common SSL development files
From what I’ve been reading on stackexchange/askubuntu, I should be on the latest openSSL (1.0.1f covers Heartbleed by default on 14.04, 14.10) which seems to be 1.0.1p (per openssl.org), and libssl should be 1.0.0 or greater. I thought that
sudo apt-get update / upgrade would update openssl to the newest, most secure version. Is this not the case?
Ultimately, how do I ensure that my droplets all have the most up-to-date openssl version? What is the step-by-step process for this? Does this require downtime of the servers or just a restart of all web services (such as nginx/apache servers and maybe the app servers too)?
Pardon my ignorance as I’m new to sysadmin/devops. Any help is greatly appreciated. Thanks!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.
Click below to sign up and get $200 of credit to try our products over 60 days!