PDA

View Full Version : OpenSSL Heartbleed Update



kung foo man
8th April 2014, 14:11
Hey all,

since there is a new bug in OpenSSL, every linux admin should update their root.

For Debian Wheezy, this did the job:



apt-get update
apt-get install openssl


To check the update, just run:



# apt-cache policy openssl
openssl:
Installed: 1.0.1e-2+deb7u5
Candidate: 1.0.1e-2+deb7u5
Version table:
*** 1.0.1e-2+deb7u5 0
500 http://mirror.hetzner.de/debian/security/ wheezy/updates/main amd64 Packages
500 http://security.debian.org/ wheezy/updates/main amd64 Packages
100 /var/lib/dpkg/status
1.0.1e-2+deb7u4 0
500 http://mirror.hetzner.de/debian/packages/ wheezy/main amd64 Packages
500 http://cdn.debian.net/debian/ wheezy/main amd64 Packages


The "e-2" is the fixed version. A server restart reloads the buggy library for each process.

You can check the vulnerability of your server with this site: http://possible.lv/tools/hb/

Stay secure! :D

RobsoN
8th April 2014, 15:39
I've got Debian 6, and I couldn't update openssl..

apt-get update (nothing special happens)


[...]
Fetched 453 kB in 4s (107 kB/s)
Reading package lists... Done


apt-get install openssl


Reading package lists... Done
Building dependency tree
Reading state information... Done
openssl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.

apt-cache policy openssl


openssl:
Installed: 0.9.8o-4squeeze14
Candidate: 0.9.8o-4squeeze14
Version table:
*** 0.9.8o-4squeeze14 0
500 http://ftp.debian.org/debian/ squeeze/main amd64 Packages
500 http://security.debian.org/ squeeze/updates/main amd64 Packages
100 /var/lib/dpkg/status


This patch hasnt been released on squeeze?