How to patch Ubuntu for Heartbleed

  1. `sudo apt-get update`
  2. `sudo apt-get install -y libssl1.0.0 openssl`
  3. `openssl version -a` and confirm the "built on" date is >= 2014-04-07
  4. `sudo lsof -n | grep ssl | grep DEL` and restart all listed services.

Repeat #4 until no results are returned.
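
Steps 3 and 4 above as a script, added here as an example and not part of the original gist. The function names, the `--live` flag and the sample `lsof` lines are assumptions made for the illustration, and the date parser assumes the `built on:` format shown on this page.

```sh
#!/bin/sh
# Added example (not from the gist): scripted form of steps 3 and 4.
PATCH_DATE=20140407   # step 3 threshold: "built on" must be >= 2014-04-07

# built_on_ok: reads `openssl version -a` output on stdin.
# Exit status: 0 = built on/after PATCH_DATE, 1 = older build, 2 = no parseable date.
built_on_ok() {
    awk -v min="$PATCH_DATE" -v months="JanFebMarAprMayJunJulAugSepOctNovDec" '
        /^built on:/ {
            # Fields: built on: <dow> <mon> <day> <time> <tz> <year>
            m = (index(months, $4) + 2) / 3
            if (length($4) != 3 || m != int(m) || $NF !~ /^[0-9]+$/) exit 2
            seen = 1
            exit (($NF * 10000 + m * 100 + $5) >= min ? 0 : 1)
        }
        END { if (!seen) exit 2 }'
}

# stale_ssl_procs: reads `lsof -n` output on stdin and prints "COMMAND PID" once
# per process holding a deleted-but-still-mapped file (a "DEL" column) whose path
# contains "ssl". This is a stricter form of `grep ssl | grep DEL` from step 4.
stale_ssl_procs() {
    awk '$NF ~ /ssl/ { for (i = 3; i < NF; i++) if ($i == "DEL") { print $1, $2; next } }' |
        sort -u
}

# check_host: runs both checks on the live system (needs openssl, lsof, sudo).
check_host() {
    openssl version -a | built_on_ok ||
        { echo "openssl build is older than the fix, or has no date"; return 1; }
    pending=$(sudo lsof -n 2>/dev/null | stale_ssl_procs)
    if [ -n "$pending" ]; then
        printf 'restart these services, then re-run:\n%s\n' "$pending"
        return 1
    fi
    echo "no process still maps the old library"
}

# Constructed sample of `lsof -n` lines (not captured from a real host).
SAMPLE_LSOF='nginx   1188 root     DEL REG 8,1        131234 /lib/x86_64-linux-gnu/libssl.so.1.0.0
nginx   1189 www-data DEL REG 8,1        131234 /lib/x86_64-linux-gnu/libssl.so.1.0.0
nginx   1188 root     DEL REG 8,1        131230 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
nginx   1188 root     mem REG 8,1 1030512 131072 /lib/x86_64-linux-gnu/libc-2.15.so
apache2 1203 root     mem REG 8,1  382896 131500 /lib/x86_64-linux-gnu/libssl.so.1.0.0'

if [ "${1:-}" = "--live" ]; then check_host; fi
```

Running the script with `--live` performs both checks on the current host; a non-zero exit means either the package is still the old build or at least one service has not been restarted yet.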

fujin Apr 8, 2014

you can:

sudo apt-get install debian-goodies
sudo checkrestart

In place of the lsof/grep, for similar effect.

suhastech Apr 9, 2014

This didn't quite work. Nothing was installed (as I already had the old build of the package).

https://gist.github.com/suhastech/10225968

mrdavidlaing Apr 9, 2014

Worked for me:

$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan  8 20:45:51 UTC 2014
$ sudo apt-get update
$ sudo apt-get install -y libssl1.0.0 openssl debian-goodies
$ sudo checkrestart
 ...
   sudo /etc/init.d/ssh restart
   sudo /etc/init.d/ntp restart
   sudo /etc/init.d/whoopsie restart
   sudo /etc/init.d/collectd restart
   ....
$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr  7 20:33:29 UTC 2014

Note that the version doesn't change, but the built on: date does, which can be confusing.

FestivalBobcats Apr 9, 2014

Thanks a ton. Had to use @suhastech's solution with the --reinstall flag.

brianz Apr 9, 2014

Thanks for this...very simple and worked like a charm on my Ubuntu 13.10 servers.

luntzel Apr 10, 2014

Ubuntu Lucid comes with 0.9.8k out of the box, which is not vulnerable. Adding Precise sources is possibly dangerous...YMMV.

Sophrinix Apr 10, 2014

Make sure you restart apache/your webserver after running this fix. I was confused as to why it wasn't working until I restarted apache, then all was good.
