A quick tip on patching the CVE-2014-0160 vulnerability; in this case we're going to take care of Debian 7. There are a few ways to secure your server (recompiling the package with the no-heartbleed switch, disabling SSL support, and so on), but here's (imho) the easiest and fastest solution, using already patched packages.
Update 2014-04-09 19:55: Hours after I wrote this tutorial, the openssl and libssl packages were updated in the wheezy repository. Right now just run:
sudo apt-get update
sudo apt-get upgrade
That’s all. Remember to regenerate your certificates.
First we're going to add the testing release repositories to our apt package manager, where we can find a newer version of openssl. Edit /etc/apt/sources.list and make it look like:
deb http://ftp.debian.org/debian jessie main contrib non-free
deb http://ftp.debian.org/debian-security jessie/updates main contrib non-free
deb http://ftp.debian.org/debian wheezy main contrib non-free
deb http://ftp.debian.org/debian-security wheezy/updates main contrib non-free
Save and run:
sudo apt-get update
sudo apt-get -t jessie install openssl libssl1.0.0
Confirm the update, wait a moment and then just check:
$ openssl version
OpenSSL 1.0.1g 7 Apr 2014
After all these steps, restart all your servers which use openssl, e.g.:
sudo /etc/init.d/apache2 restart
If you're using the CloudFlare proxy on your domain, you'll probably see an "Uh-oh timeout" message; it's ok.
Library: OpenSSL 1.0.1e
If the version check shows:
OpenSSL 1.0.1g 7 Apr 2014 (Library: OpenSSL 1.0.1e 11 Feb 2013)
you just have to update libssl; run:
sudo apt-get -t jessie install libssl1.0.0
Should help :-).
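An added example (not from the original post) that automates the two checks above: it parses the openssl version line for a mismatched "(Library: ...)" suffix and lists processes that still map the replaced libssl/libcrypto and therefore still need a restart. The function names and the proc-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the proc-root argument are hypothetical.

# Print the library version if an `openssl version` line ($1) carries a
# "(Library: ...)" suffix that differs from the binary's own version.
library_mismatch() {
    bin=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([^ ]*\) .*/\1/p')
    lib=$(printf '%s\n' "$1" | sed -n 's/.*(Library: OpenSSL \([^ ]*\) .*/\1/p')
    if [ -n "$lib" ] && [ "$lib" != "$bin" ]; then
        printf '%s\n' "$lib"
    fi
}

# List PIDs that still map a libssl/libcrypto file that was replaced on disk.
# The kernel marks such mappings "(deleted)" in /proc/<pid>/maps; those
# processes keep running the old library code until they are restarted.
# $1 is the proc root (default /proc; a parameter so it can be tested offline).
stale_ssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            printf '%s\n' "${pid##*/}"
        fi
    done
}

# Run both checks on this host and print what still needs attention.
report() {
    old=$(library_mismatch "$(openssl version 2>/dev/null)")
    [ -z "$old" ] || echo "libssl is still $old: upgrade libssl1.0.0"
    for pid in $(stale_ssl_pids); do
        echo "PID $pid still maps the old library: restart its service"
    done
}

report
```

Run it as root so that the maps files of other users' processes are readable.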