Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
HeartBleed-Debian-Wheezy-Update-OpenSSL-1.0.1e-2+deb7u4.sh
# Debian Wheezy - Fixing HeartBleed
# Installing 1.0.1e-2+deb7u4
# http://www.corsac.net/?rub=blog&post=1565
# https://security-tracker.debian.org/tracker/DSA-2896-1
#
# As pointed out, not the best secured way but fast. Please use 'apt-get && apt-get upgrade' for a more secure system.
MACHINE_TYPE=`uname -m`
if [ ${MACHINE_TYPE} == 'x86_64' ]; then
wget http://security.debian.org/pool/updates/main/o/openssl/libssl1.0.0-dbg_1.0.1e-2+deb7u5_amd64.deb
wget http://security.debian.org/pool/updates/main/o/openssl/openssl_1.0.1e-2+deb7u5_amd64.deb
wget http://security.debian.org/pool/updates/main/o/openssl/libssl1.0.0_1.0.1e-2+deb7u5_amd64.deb
wget http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_1.0.1e-2+deb7u5_amd64.deb
dpkg -i openssl_1.0.1e-2+deb7u5_amd64.deb
dpkg -i libssl1.0.0_1.0.1e-2+deb7u5_amd64.deb
dpkg -i libssl1.0.0-dbg_1.0.1e-2+deb7u5_amd64.deb
dpkg -i libssl-dev_1.0.1e-2+deb7u5_amd64.deb
else
wget http://security.debian.org/pool/updates/main/o/openssl/libssl1.0.0-dbg_1.0.1e-2+deb7u5_i386.deb
wget http://security.debian.org/pool/updates/main/o/openssl/openssl_1.0.1e-2+deb7u5_i386.deb
wget http://security.debian.org/pool/updates/main/o/openssl/libssl1.0.0_1.0.1e-2+deb7u5_i386.deb
wget http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_1.0.1e-2+deb7u5_i386.deb
dpkg -i openssl_1.0.1e-2+deb7u5_i386.deb
dpkg -i libssl1.0.0_1.0.1e-2+deb7u5_i386.deb
dpkg -i libssl1.0.0-dbg_1.0.1e-2+deb7u5_i386.deb
dpkg -i libssl-dev_1.0.1e-2+deb7u5_i386.deb
fi
/etc/init.d/nginx restart
/etc/init.d/ssh restart
@dnet

This comment has been minimized.

Copy link

commented Apr 8, 2014

Downloading executable code over HTTP, extracting and executing it with root privileges. Nice!
(No, DPKG doesn't perform signature verification, APT does.)

@chennin

This comment has been minimized.

Copy link

commented Apr 8, 2014

apt-get update && apt-get upgrade

@jacksoncage

This comment has been minimized.

Copy link
Owner Author

commented Apr 8, 2014

@dnet Hard time demands for fast solutions. But yes, not the most safe way.

@AlucardZweo apt-get repos wasn't up to dated when I fixed my servers.

@DavidToca

This comment has been minimized.

Copy link

commented Apr 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.