Create a gist now

Instantly share code, notes, and snippets.

How to patch Ubuntu for Heartbleed

How to patch Ubuntu for Heartbleed

  1. sudo apt-get update
  2. sudo apt-get install -y libssl1.0.0 openssl
  3. openssl version -a and confirm the "built on" date is >= 2014-04-07
  4. sudo lsof -n | grep ssl | grep DEL and restart all listed services.

Repeat #4 until no results are returned.

@fujin

you can:

sudo apt-get install debian-goodies
sudo checkrestart

In place of the lsof/grep, for similar effect.

@suhastech

This didn't quite work. Nothing was installed (as I already had the old build of the package)

https://gist.github.com/suhastech/10225968

@mrdavidlaing

Worked for me:

$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Wed Jan  8 20:45:51 UTC 2014
$ sudo apt-get update
$ sudo apt-get install -y libssl1.0.0 openssl debian-goodies
$ sudo checkrestart
 ...
   sudo /etc/init.d/ssh restart
   sudo /etc/init.d/ntp restart
   sudo /etc/init.d/whoopsie restart
   sudo /etc/init.d/collectd restart
   ....
$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr  7 20:33:29 UTC 2014

Note that the version doesn't change, but the built on: date does; which can be confusing

@FestivalBobcats

Thanks a ton. Had to use @suhastech solution with the --reinstall flag.

@brianz

Thanks for this...very simple and worked like a charm on my Ubuntu 13.10 servers.

@luntzel

Ubuntu Lucid comes with 0.9.8k out of the box, which is not vulnerable. Adding Precise sources is possibly dangerous...YMMV.

@Sophrinix

make sure you restart apache/ your webserver after running this fix. I was confused as to why it wasn't working until I restarted apache, then all was good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment