How to patch OpenSSL’s Heartbleed Vulnerability

First you need to understand that not all version of OpenSSL are vulnerable.

Below are the version of OpenSSL that are affected by this bug.

CentOS / Red Hat Enterprise Linux / Ubuntu

• OpenSSL 1.0.1 and 1.0.2-beta

The following versions are NOT affected by this bug.

• OpenSSL 1.0.0 branch is NOT vulnerable
• OpenSSL 0.9.8 branch is NOT vulnerable

Therefore, if you are running CentOS 5.x / RHEL 5.x / Ubuntu 10.0.4 LTS then you will be running an older version of OpenSSL which does not have the bug.

However, if you are running CentOS 6.x / RHEL 6.x / Ubuntu 12.0.4 LTS then you will need to immediately update the OpenSSL version to the following:

CentOS 6.x / RHEL 6.x

• OpenSSL 1.0.1e-16.el6_5.7.x86_64

Ubuntu 12.0.4 LTS

• OpenSSL 1.0.1-4ubuntu5.12

Upgrading OpenSSL for CentOS 6.x / RHEL 6.x

Verify the version of OpenSSL is installed on the server:

# rpm -qa | grep openssl

If the version is anything other than OpenSSL 1.0.1e-16.el6_5.7.x86_64 then perform the upgrade below:

# yum update openssl

Then verify the OpenSSL version again.

# rpm -qa | grep openssl
openssl-1.0.1e-16.el6_5.7.x86_64

Upgrading OpenSSL for Ubuntu 12.0.4 LTS

Verify the version of OpenSSL is installed on the server:

# dpkg -l | grep openssl

If the version is anything other than OpenSSL 1.0.1-4ubuntu5.12 then perform the upgrade below:

# sudo apt-get update
# sudo apt-get install openssl libssl1.0.0

Then verify the OpenSSL version again.

# dpkg -l | grep openssl
openssl 1.0.1-4ubuntu5.12

Leave a Reply

Your email address will not be published. Required fields are marked *