Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
How to patch Ubuntu for Heartbleed

How to patch Ubuntu for Heartbleed

  1. sudo apt-get update
  2. sudo apt-get install -y libssl1.0.0 openssl
  3. openssl version -a and confirm the "built on" date is >= 2014-04-07
  4. sudo lsof -n | grep ssl | grep DEL and restart all listed services.

Repeat #4 until no results are returned.

fujin commented Apr 8, 2014

you can:

sudo apt-get install debian-goodies
sudo checkrestart

In place of the lsof/grep, for similar effect.

This didn't quite work. Nothing was installed (as I already had the old build of the package)

https://gist.github.com/suhastech/10225968

Worked for me:

$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan  8 20:45:51 UTC 2014
$ sudo apt-get update
$ sudo apt-get install -y libssl1.0.0 openssl debian-goodies
$ sudo checkrestart
 ...
   sudo /etc/init.d/ssh restart
   sudo /etc/init.d/ntp restart
   sudo /etc/init.d/whoopsie restart
   sudo /etc/init.d/collectd restart
   ....
$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr  7 20:33:29 UTC 2014

Note that the version doesn't change, but the built on: date does; which can be confusing

Thanks a ton. Had to use @suhastech solution with the --reinstall flag.

brianz commented Apr 9, 2014

Thanks for this...very simple and worked like a charm on my Ubuntu 13.10 servers.

luntzel commented Apr 10, 2014

Ubuntu Lucid comes with 0.9.8k out of the box, which is not vulnerable. Adding Precise sources is possibly dangerous...YMMV.

make sure you restart apache/ your webserver after running this fix. I was confused as to why it wasn't working until I restarted apache, then all was good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment