Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
April 22, 2014
Chris
PHP
Comments Off on A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

PreviousNext
hearthbleed-ssl-bug

If you still haven’t fixed your servers after mainstream discovery of the legendary Hearthbleed bug, then do it now – or better completely reinstall the full server, as the server might be compromized anyway and you’ll never find out (unless you are a security expert, but then you wouldn’t read this blog post).

Solution A: Complete reinstall of the entire system (best solution)

A complete reinstall, followed by a full update/upgrade. Make sure you have the latest version of OpenSSL, it needs to say “April 7th 2014” (or something that is even more in the future) on the “built on” line. I find it totally idiotic that this doesn’t simply put out the version (1.0.1g) of the packet, but anyway…To update an outdated version of OpenSSL, see the next paragraph.

Show the installed OpenSSL version on Ubuntu

Show the installed version of OpenSSL via

sudo openssl version -a

Should look like this: Note the “built on” line, should say “April 7th 2014”, like here:

openssl update ubuntu

If not, then update. There are several guidelines on the web, but the general way to do is either just updating the OpenSSL package or updating the entire system. DigitalOcean recommends updating the entire system.

Solution B: Just update the OpenSSL package

sudo apt-get install --only-upgrade openssl
sudo apt-get install --only-upgrade libssl1.0.0

To be 100% sure, reboot. This solution has been taken from here: DigitalOcean – How to Protect your Server Against the Heartbleed OpenSSL Vulnerability. Please see this post for additional and much deeper information. They also provide solutions for CentOS, Fedora and ArchLinux.

Solution C: Update/upgrade the entire system

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot

And then check for the installed version of OpenSSL via

sudo openssl version -a

This solution has been partly taken from Anson Cheung – 3 simple steps to update Ubuntu to fix the Heartbleed SSL bug and DigitalOcean – How to Protect your Server Against the Heartbleed OpenSSL Vulnerability.

bugdebianhearthbleedOpenSSLsslUbuntu
Share this

What’s new in PHPStorm 10 (Official promo video)

PHPStorm 10 is out! New features are mainly full PHP7 support, much better auto-recognation / autocompletion (even within arrays (unsure

php

How to install PHP curl extension (in 5 seconds)

It’s a common wordpress problem: PHP’s curl extension is not installed! No need to mess around in config files etc,

php

Why Modern PHP is Awesome And How You Can Use It Today (Slides by Matt Stauffer)

PHPStorm: 42 Tips and Tricks (47min video talk by Mikhail Vink at Dutch PHP Conference 2015)

To be honest I’ve not seen the clip yet, but it sounds so awesome and everybody is upvoting it. Have

shadow dom

Crossbrowser-safe HTML5 video (IE6+) with a few lines of code and just one .mp4 video file

No time to read the full article ? Get the code directly here on GitHub: panique/html5-video. Publishing a video on

phpstorm 7.0 php

How to setup and use XDEBUG with PHPStorm 6/7 (locally in Windows 7/8 and Mac OS X)

Real debugging is probably one of the most coolest things that are possible in software development: Remember the times where

Berlin, prepare for TOA conference (15th – 17th of July)

If you are in Berlin right now (and have 80-300 € to spend and 2-3 days of holidays (or “spontanious

Creators of Laravel launch one-click-installations of Laravel (including nginx, PHP 5.5 etc.)

Again, a game changer: Taylor Otwell, creator of Laravel (which is currently the most popular PHP framework), has released FORGE

offf-2014

Europeans: Get ready for OFFF conference / festival in Barcelona, May 2014

Designers and frontend guys, this is for you: If you live or simply are in western Europe in May 2014,

sass

[german video] Modernizing and minimalizing frontend markup code at AutoScout24

As this blog has a lot of german speaking readers I’ll post german stuff from time to time. Sorry for

1/4

Categories

Search

sass laravel
SASSmeister is a real-time JSfiddle for SASS / CSS. Awesome!
nginx php 5.5
[Link] Set up Nginx with PHP 5.5 easily
Frontend Ops Conf 2014 – Keynote by Alex Sexton: “Front End Operations”
hack-php
Wow! Facebook devs have rewritten and fixed PHP, releasing it as new language called “Hack” today
digitalocean coupon
DigitalOcean VPS coupon codes for december 2013 and early 2014
Symfony devs: Creator of Symfony framework is hiring (Cologne, Germany)!
How to show memory usage (Ubuntu)
[Link] Redesigning SoundCloud by Evan Simoni
forbes 30 under 30
Need motivation ? Check out these 2 awesome “FORBES 30 under 30” lists (web, UI, games)
[Link] Interesting: Designing a Nuclear Waste Warning Symbol That Will Still Make Sense in 10,000 Years
github-logo-octocat
GitHub rolls out .PSD diff and viewing
Frontend Ops Conf 2014 – Rebooting Flickr On A Node.js Stack, One Page At A Time (from PHP) by Bertrand Fan
phpstorm 7.0 php
How to install GitHub’s, NetBeans’s and Sublime2’s syntax highlighting code colours theme in PHPStorm 6/7
vagrant
How to setup a local server (in a virtual machine) with Vagrant in PHPStorm
php
“Belt” adds very clever everyday functions to PHP, comes with JavaScript naming styles and eventually solves the needle/haystack problem

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy