How to update OpenSSL on Ubuntu Server

With the recent revelation that OpenSSL has a serious security vulnerability called the “heartbleed bug”, it is critical that you update your servers to include the latest patch to fix it. You can read more about this bug, and the effect is can have on your machines here: http://heartbleed.com/

So how do I update?

It is quite simple to apply the update to your machines. Firstly, as with any update, open up a terminal window and do:

sudo apt-get update

and…

sudo apt-get upgrade

This will download all of the available updates to your packages. The fix for the heartbleed bug IS included within the ubuntu repositories already. Once installed, you can verify that you have the correct version by running:

dpkg -l | grep openssl

If you see the following version output, patch for CVE-2014-0160 should be included:

ii openssl 1.0.1-4ubuntu5.12 Secure Socket Layer (SSL)...

You can check to see if your machine has been appropriately updated using this link: http://filippo.io/Heartbleed/

Here is a screenshot after testing my server:

http://filippo.io/Heartbleed/

Hope you found this useful!