Logo
  • PHP
    • HipHop / HHVM
    • Modern PHP
    • PHPStorm
    • LAMP
    • Laravel
    • Composer
    • PDO
  • JavaScript
    • node.js
    • AngularJS
  • CSS
    • SASS
    • “CSS4” (CSS level 4)
  • HTML
  • Git
  • LAMP
  • Vagrant
  • UI / UX
  • Architecture of …
  • Off-Topic
With ♥ from Berlin
April 22, 2014
Chris
PHP
Comments Off on A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

A quick guideline on how to fix the Hearthbleed bug (and update OpenSSL) on Ubuntu

PreviousNext
hearthbleed-ssl-bug

If you still haven’t fixed your servers after mainstream discovery of the legendary Hearthbleed bug, then do it now – or better completely reinstall the full server, as the server might be compromized anyway and you’ll never find out (unless you are a security expert, but then you wouldn’t read this blog post).

Solution A: Complete reinstall of the entire system (best solution)

A complete reinstall, followed by a full update/upgrade. Make sure you have the latest version of OpenSSL, it needs to say “April 7th 2014” (or something that is even more in the future) on the “built on” line. I find it totally idiotic that this doesn’t simply put out the version (1.0.1g) of the packet, but anyway…To update an outdated version of OpenSSL, see the next paragraph.

Show the installed OpenSSL version on Ubuntu

Show the installed version of OpenSSL via

sudo openssl version -a

Should look like this: Note the “built on” line, should say “April 7th 2014”, like here:

openssl update ubuntu

If not, then update. There are several guidelines on the web, but the general way to do is either just updating the OpenSSL package or updating the entire system. DigitalOcean recommends updating the entire system.

Solution B: Just update the OpenSSL package

sudo apt-get install --only-upgrade openssl
sudo apt-get install --only-upgrade libssl1.0.0

To be 100% sure, reboot. This solution has been taken from here: DigitalOcean – How to Protect your Server Against the Heartbleed OpenSSL Vulnerability. Please see this post for additional and much deeper information. They also provide solutions for CentOS, Fedora and ArchLinux.

Solution C: Update/upgrade the entire system

sudo apt-get update
sudo apt-get dist-upgrade
sudo reboot

And then check for the installed version of OpenSSL via

sudo openssl version -a

This solution has been partly taken from Anson Cheung – 3 simple steps to update Ubuntu to fix the Heartbleed SSL bug and DigitalOcean – How to Protect your Server Against the Heartbleed OpenSSL Vulnerability.

bugdebianhearthbleedOpenSSLsslUbuntu
Share this
compress-png

Compress png, jpeg, gif and svg up to 90% with Compressor.io

What a fantastic tool: Compressor.io is a totally free service that let you compress png, jpeg, gif or svg files

Experimenting with HHVM at Etsy (Link)

Extremely interesting blog post of Etsy on how they try out HHVM / HipHop: https://codeascraft.com/2015/04/06/experimenting-with-hhvm-at-etsy/

This picture shows the icon of blindness

How blind people use websites (video with Sina Bahram, blind accessibility researcher)

162 million people worldwide are blind or visually impaired at a level that does not allow to read texts. An

modern-php

Creator of Slim framework and “PHP – The right way” writes book: “Modern PHP”, available 2015

Definitly something every non-superexpert-PHP-developer should have on its books-to-buy-in-2015-list: Josh Lockhart, creator of the legendaray Slim framework and the famous

php

Test out PHP 5.6alpha1 on Windows 7 / 8 with two clicks

The popular Apache-MySQLP-PHP stack EasyPHP has become very professional, maintained and especially modularized in the last 2 years, and when

php uk conference

Profiling PHP Applications by Bastian Hofmann (video from PHP UK Conference 2014)

The title says it all: Profiling PHP applications.  

photoshop-cc-deal

Adobe offers Photoshop for $9.99 per month (limited deal)

Currently Adobe offers the very latest version of Photoshop (which is Photoshop CC) for just $9.99 or 12,99€ (EU zone:

How to show the available version of a package (before doing apt-get install)

To show the version of the package that will be installed with apt-get install, do apt-cache policy packagename. To show

zend framework 3

First view on Zend Framework 3 by Matthew O’Phinney

Interesting stuff: One of the very first video impressions of Zend Framework 3, and it sounds fantastic! This is even

php

How to use the PHP 5.5 password hashing functions

PHP 5.5 introduced some very interesting password hashing functions that will make your life much much easier, the web much

1/4

Categories

Search

php
How to setup / install PHP 5.6 on Ubuntu 14.04 LTS
Rare Steve Jobs AND Bill Gates video interview from 2007’s D5 conference (90min)
october cms
October CMS, built on top of Laravel, is beautiful, clever and on the way to be the new #1 CMS
redaktionelle-hochlastseiten
Hochlastseiten mit PHP, MySQL und Apache am Beispiel stern.de (deutscher Artikel)
Experimenting with HHVM at Etsy (Link)
Creators of Laravel launch one-click-installations of Laravel (including nginx, PHP 5.5 etc.)
8 awesome pure CSS spinner / loader
php
Awesome list of Design Patterns with PHP code examples
Frontend Ops Conf 2014 – Paul Irish: Delivering The Goods In Under 1000ms (40min video)
php
Test out PHP 5.6alpha1 on Windows 7 / 8 with two clicks
symfony-framework-logo
SensioLabs, creator of Symfony and Silex PHP frameworks, gets $7 million capital
JavaScript ECMAScript6 – A short video introduction (5min)
Frontend Ops Conf 2014 – Sarah Goff-Dupont: Git, Continuous Integration and Making It Pretty (31min video)
twig
A 6min video introduction into Twig, the PHP templating engine
php mvc
Preview-release of (my) “php-mvc” project (a simple php mvc barebone)

Tags

apache bash centos composer conference coupon CSS debian fonts framework git GitHub hack HHVM HipHop HTML HTML5 IDE JavaScript JS LAMP laravel linux mod_rewrite MVC MySQL Nginx optimization PHP PHP 5.5 PHP 5.6 phpmyadmin PHPStorm security server SSD Ubuntu UI UX vagrant video virtual machine voucher VPS wordpress
Side-Project: Wordle-Solver:
www.wordle-helper.info

Pages

  • Privacy Policy