A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu
If you still haven’t fixed your servers after mainstream discovery of the legendary Hearthbleed bug, then do it now – or better completely reinstall the full server, as the server might be compromized anyway and you’ll never find out (unless you are a security expert, but then you wouldn’t read this blog post).
Solution A: Complete reinstall of the entire system (best solution)
A complete reinstall, followed by a full update/upgrade. Make sure you have the latest version of OpenSSL, it needs to say “April 7th 2014” (or something that is even more in the future) on the “built on” line. I find it totally idiotic that this doesn’t simply put out the version (1.0.1g) of the packet, but anyway…To update an outdated version of OpenSSL, see the next paragraph.
Show the installed OpenSSL version on Ubuntu
Show the installed version of OpenSSL via
sudo openssl version -a
Should look like this: Note the “built on” line, should say “April 7th 2014”, like here:
If not, then update. There are several guidelines on the web, but the general way to do is either just updating the OpenSSL package or updating the entire system. DigitalOcean recommends updating the entire system.
Solution B: Just update the OpenSSL package
sudo apt-get install --only-upgrade openssl sudo apt-get install --only-upgrade libssl1.0.0
To be 100% sure, reboot. This solution has been taken from here: DigitalOcean – How to Protect your Server Against the Heartbleed OpenSSL Vulnerability. Please see this post for additional and much deeper information. They also provide solutions for CentOS, Fedora and ArchLinux.
Solution C: Update/upgrade the entire system
sudo apt-get update sudo apt-get dist-upgrade sudo reboot
And then check for the installed version of OpenSSL via
sudo openssl version -a
This solution has been partly taken from Anson Cheung – 3 simple steps to update Ubuntu to fix the Heartbleed SSL bug and DigitalOcean – How to Protect your Server Against the Heartbleed OpenSSL Vulnerability.
Random articles
The SSL Heartbleed bug explained in 30 seconds
EOL lists of Ubuntu, Debian and CentOS for your server plannings
A list of downloadable Vagrant boxes (CentOS 5.9 / 6.4, Ubuntu 12 / 13, Debian 6 / 7 / 7.1 / 7.2)- Which server OS version to choose ? Some EOL lists of Debian, Ubuntu and CentOS
How to install/setup a basic LAMP stack (Linux, Apache, MySQL, PHP) on Ubuntu 12.04 or Debian 7.0/7.1
(Links) How to fix an extremely slow Symfony inside a Vagrant box
How to install/setup latest version of PHP 5.5 on Debian Wheezy 7.0/7.1/7.2 (and how to fix the GPG key error)
Install Laravel 4 on Ubuntu 12.04 LTS (a how-to tutorial)- How to install / setup PHP 5.5.x on Ubuntu 12.04 LTS