PDA

View Full Version : How to Fix OpenSSL Heart Bleed Bug on Ubuntu



[s]
04-09-2014, 08:59 AM
First check version of the openSSL


openssl version -b

openssl version -a

If it is already updated, then no need to worry about it . If your OpenSSL is not updated then execute following commands to update OpenSSL.



sudo apt-get update

Once this finishes, upgrade openssl:


sudo apt-get upgrade openssl

Regenerate your SSL certificate , follow the link to regenerating SSL Certificate


https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04

Video Guide :


https://www.youtube.com/watch?v=sq7Eib02Rb8

Anant Shrivastava
04-09-2014, 09:44 AM
After upgrade either restart the whole server or identify applications still using DELETED library using


lsof -n | grep ssl | grep DEL

Will list out application / services and users still using old libraries. Restart services first and then proceed with regeneration of certificates.


Credits for the command goes to some fellow Internet user. (saw it at so many places hence can't pin point the originator for reference)

41.w4r10r
04-09-2014, 10:56 AM
Haha.. Thats really awesome vulnerability and almost broke internet...

and we were planning for SSL for G4H (just kidding)

hackinglife
04-13-2014, 05:12 PM
Haha.. Thats really awesome vulnerability and almost broke internet...

and we were planning for SSL for G4H (just kidding)

so true, nothing a user could do apart from just waiting for the server to be patched.. :p