Posted on Wednesday, April 9th, 2014 at 9:09 pm
This quick tutorial outlines how to upgrade openssl to the latest version on Ubuntu Server 13.04.
A massive security hole has left over two thirds of the Internet's web servers vulnerable to the "Heartbleed Bug" which was announced to the public today. Use the following tool to check if your server is vulnerable:
You can run the following Bash script to upgrade your instance of OpenSSL to the latest version which at the time of this writing is <code>1.0.1g</code>:
#!/bin/bash ### # Need to upgrade an Ubuntu 13.04 server to use OpenSSL 1.0.1g? # Read and execute this script :D ### # License: WTFPL, GPLv3, MIT, whatever; just patch your shit # http://askubuntu.com/questions/444702/how-to-patch-cve-2014-0160-in-openssl ### if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz.asc gpg --recv-key 0xD3577507FA40E9E2 # Dr Stephen Henson # IMPORTANT! Manually verify that this is the correct key ID: # http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xD3577507FA40E9E2 # https://www.openssl.org/about/ gpg --verify openssl-1.0.1g.tar.gz.asc openssl-1.0.1g.tar.gz if [[ $? -eq 0 ]]; then tar xzvf openssl-1.0.1g.tar.gz cd openssl-1.0.1g && sudo ./config && sudo make && sudo make install # To link the old openssl library to a new version sudo ln -sf /usr/local/ssl/bin/openssl `which openssl` echo echo "DONE!" fi # eof
You can read more about the nature of the Heartbleed Bug at: