Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save ArturT/bc8836d3bedff801dc324ac959050d12 to your computer and use it in GitHub Desktop.
Save ArturT/bc8836d3bedff801dc324ac959050d12 to your computer and use it in GitHub Desktop.
Fix OpenSSL Padding Oracle vulnerability (CVE-2016-2107) - Ubuntu 14.04
# Based on http://fearby.com/article/update-openssl-on-a-digital-ocean-vm/
$ sudo apt-get update
$ sudo apt-get dist-upgrade
$ wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
$ tar -xvzf openssl-1.0.2h.tar.gz
$ cd openssl-1.0.2h
$ ./config --prefix=/usr/
$ make depend
$ sudo make install
$ openssl version
# OpenSSL 1.0.2h 3 May 2016
# now restart your nginx or other server
$ sudo service nginx restart
# check your website here https://www.ssllabs.com/ssltest/
@ZeroHackeR
Copy link

@rashmimhatre100
Copy link

rashmimhatre100 commented Mar 26, 2018

Hi All,
Followed https://www.linuxhelp.com/how-to-install-and-update-openssl-on-ubuntu-16-04/ link to upgrade openSSL.
openssl version is,
OpenSSL 1.0.2n 7 Dec 2017

apt-cache policy openssl:
openssl:
Installed: 1.0.2g-1ubuntu4.10
Candidate: 1.0.2g-1ubuntu4.10

sudo apt-get install --only-upgrade libssl1.0.0 openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl1.0.0 is already the newest version (1.0.2g-1ubuntu4.10).
openssl is already the newest version (1.0.2g-1ubuntu4.10).
The following packages were automatically installed and are no longer required:
bridge-utils containerd linux-aws-headers-4.4.0-1048
linux-headers-4.4.0-1048-aws linux-image-4.4.0-1048-aws runc ubuntu-fan
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.4 LTS
Release: 16.04
Codename: xenial

Still getting F in https://www.ssllabs.com/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment