May 14, 2014

How To Upgrade OpenSSL to 1.0.1g To Guard Against Heartbleed in Ubuntu

So you have an older version of Ubuntu Server that is running some web server or application that uses OpenSSL. You are vulnerable to The Heartbleed Bug and simply running apt-get upgrade isn't doing the trick. What do you do?

Well, if you are running an Apache web server, you can be Heartbleed-free by simply switching over to GnuTLS. If you are using something else, like Dovecot or Postfix, that doesn't work with GnuTLS, then you have to bite the bullet and upgrade your version of OpenSSL. Sadly, on older versions of Ubuntu, the latest version of OpenSSL (1.0.1g) won't be available in the repositories. You will have to upgrade from source.

Here's how you do it:
  • Download the source package
  • Extract the archive
    tar -xzvf openssl-1.0.1g.tar.gz
  • Change into the package directory
    cd openssl-1.0.1g
  • Run the following to compile and install
    sudo ./config && sudo make && sudo make install
  • Replace the old binary file via symlink
    sudo ln -sf /usr/local/ssl/bin/openssl `which openssl`
  • Done!
Now if you run openssl version it should return the following:

openssl version
OpenSSL 1.0.1g 7 Apr 2014

Congrats! You're patched!
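One check worth adding here (an added example, not part of the original post): `openssl version` reports on the command-line binary only, while a daemon that links libssl dynamically keeps using whatever library file it has mapped. The script below classifies a version line and lists the libssl/libcrypto files a process has loaded; the function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Classify an `openssl version` line. Upstream 1.0.1 through 1.0.1f are
# affected by Heartbleed; 1.0.1g and later letters carry the fix. Distro
# packages may backport the fix without changing the letter, so treat
# "vulnerable" on a packaged build as "check the package changelog".
heartbleed_status() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo vulnerable ;;
        1.0.1[a-z]*)         echo patched ;;
        0.9.8*|1.0.0*)       echo not-affected ;;
        *)                   echo unknown ;;
    esac
}

# Read /proc/<pid>/maps-format text on stdin; print each distinct libssl or
# libcrypto file mapped. "(deleted)" means the file was replaced on disk
# and the process is still running the old copy until it is restarted.
mapped_tls_libs() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ {
             p = $6; if ($7 == "(deleted)") p = p " (deleted)"
             if (!seen[p]++) print p
         }'
}

# Walk every running process (run as root to see all of them).
scan_running() {
    for m in /proc/[0-9]*/maps; do
        libs=$(cat "$m" 2>/dev/null | mapped_tls_libs)
        [ -n "$libs" ] || continue
        pid=${m#/proc/}; pid=${pid%/maps}
        printf '%s (%s)\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        printf '%s\n' "$libs" | sed 's/^/    /'
    done
}

# Constructed sample: maps lines for a daemon started before an upgrade.
SAMPLE_MAPS='7f3a1c000000-7f3a1c055000 r-xp 00000000 08:01 393301 /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3a1c255000-7f3a1c259000 rw-p 00055000 08:01 393301 /lib/x86_64-linux-gnu/libssl.so.1.0.0
7f3a1b000000-7f3a1b1b0000 r-xp 00000000 08:01 393299 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f3a1d000000-7f3a1d1b5000 r-xp 00000000 08:01 393250 /lib/x86_64-linux-gnu/libc-2.15.so'

printf '%s\n' "$SAMPLE_MAPS" | mapped_tls_libs
heartbleed_status 'OpenSSL 1.0.1g 7 Apr 2014'
```

Call `scan_running` as root after the install and again after restarting each service; a daemon that still lists the distribution's libssl path is not using the build under /usr/local/ssl.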
