So you have an older version of Ubuntu Server running a web server or application that uses OpenSSL. You are vulnerable to the Heartbleed bug, and simply running apt-get upgrade isn't doing the trick. What do you do?
Well, if you are running an Apache web server, you can be Heartbleed-free by simply switching over to GnuTLS. If you are using something else, like Dovecot or Postfix, that doesn't work with GnuTLS, then you have to bite the bullet and upgrade your version of OpenSSL. Sadly, on older versions of Ubuntu the latest version of OpenSSL (1.0.1g) won't be available in the repositories. You will have to upgrade from source.
Here's how you do it:
- Download the source package
    wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz
- Extract the archive
    tar -xzvf openssl-1.0.1g.tar.gz
- Change into the package directory
    cd openssl-1.0.1g
- Run the following to compile and install (only the install step needs root)
    ./config && make && sudo make install
- Replace the old binary file via symlink
    sudo ln -sf /usr/local/ssl/bin/openssl "$(which openssl)"
- Done!
    openssl version
    OpenSSL 1.0.1g 7 Apr 2014
Congrats! You're patched!
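`openssl version` describes only the command-line binary, while daemons that link OpenSSL dynamically use whatever libssl they have mapped. The script below is an added example, not part of the original post: it lists the libssl each running process has loaded and the upstream version string embedded in it. The function names and the `scan` argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root: sh <script> scan
# Statically linked programs carry their own copy and do not show up here.

# heartbleed_status VERSION: upstream 1.0.1 through 1.0.1f and the 1.0.2
# betas up to beta1 are affected; 1.0.1g is fixed. Distro packages backport
# fixes without changing this string, so confirm those in the changelog.
heartbleed_status() {
    case "$1" in
        '') echo unknown ;;
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) echo affected ;;
        *) echo not-affected ;;
    esac
}

# libssl_from_maps FILE: unique libssl paths in a /proc/<pid>/maps file.
# "(deleted)" marks a library replaced on disk but still loaded in memory.
libssl_from_maps() {
    awk '$6 ~ /libssl\.so/ { print $6, $7 }' "$1" | sed 's/ *$//' | sort -u
}

# lib_version FILE: first upstream version string embedded in the binary.
lib_version() {
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9a-z.-]*\) .*/\1/p' | head -n 1
}

# scan_procs: one line per process and mapped libssl.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        libssl_from_maps "$maps" 2>/dev/null | while read -r lib deleted; do
            if [ -n "$deleted" ]; then
                verdict="replaced on disk, restart the service"
            else
                ver=$(lib_version "$lib")
                verdict="$ver $(heartbleed_status "$ver")"
            fi
            echo "$pid $(cat "/proc/$pid/comm" 2>/dev/null) $lib: $verdict"
        done
    done
}

if [ "${1:-}" = scan ]; then scan_procs; fi
```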
[Via AskUbuntu]