Update your System
PLEASE NOTICE: Back up your whole system before big updates!
Ubuntu and Debian
sudo apt-get update
sudo apt-get dist-upgrade
CentOS and Fedora
yum update
Checking your Version Numbers
Debian and Ubuntu Releases and Fix Versions
dpkg -l | grep "openssl"
- Ubuntu 10.04: Unaffected (Shipped with older version prior to vulnerability)
- Ubuntu 12.04: 1.0.1-4ubuntu5.12
- Ubuntu 12.10: 1.0.1c-3ubuntu2.7
- Ubuntu 13.04: SUPPORT END OF LIFE REACHED, SHOULD UPGRADE
- Ubuntu 13.10: 1.0.1e-3ubuntu1.2
- Debian 6 (Squeeze): Unaffected (Shipped with older version prior to vulnerability)
- Debian 7 (Wheezy): 1.0.1e-2+deb7u6
- Debian testing (Jessie): 1.0.1g-1
- Debian unstable (Sid): 1.0.1g-1
If you are using Ubuntu 13.04, it's HIGHLY RECOMMENDED that you upgrade your version.
Check for your OpenSSL version
dpkg -l | grep "openssl"
Check for your Ubuntu version
lsb_release -a
root@localhost:~# dpkg -l | grep "openssl"
ii libcurl4-openssl-dev 7.29.0-1ubuntu3.4 amd64 development files and documentation for libcurl (OpenSSL flavour)
ii libgnutls-openssl27:amd64 2.12.23-1ubuntu1.1 amd64 GNU TLS library - OpenSSL wrapper
ii openssl 1.0.1c-4ubuntu8.2 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
root@localhost:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 13.04
Release: 13.04
Codename: raring
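Comparing the installed version against the table by eye is error-prone, because dpkg does not order versions as plain strings (revision 5.9 is older than 5.12). The following is an added example, not part of the original page: it implements dpkg's version ordering in Python and classifies a host from its release and installed openssl package version. The function names and status strings are assumptions of this example; the fix versions are the ones listed in the table above.

```python
import re

# Fix versions copied from this page's Debian/Ubuntu table; "unaffected" and
# "end-of-life" are the two non-version states that table uses.
FIXED = {
    ("Ubuntu", "10.04"): "unaffected", ("Debian", "6"): "unaffected",
    ("Ubuntu", "12.04"): "1.0.1-4ubuntu5.12",
    ("Ubuntu", "12.10"): "1.0.1c-3ubuntu2.7",
    ("Ubuntu", "13.04"): "end-of-life",
    ("Ubuntu", "13.10"): "1.0.1e-3ubuntu1.2",
    ("Debian", "7"): "1.0.1e-2+deb7u6",
}

def _order(ch):
    # dpkg ordering: '~' first, then end of string (0), letters, everything else.
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (custom ordering) with digit runs (numeric).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        ka = [_order(c) for c in na] + [0] * (len(nb) - len(na))
        kb = [_order(c) for c in nb] + [0] * (len(na) - len(nb))
        if ka != kb:
            return -1 if ka < kb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def dpkg_compare(a, b):
    # Returns -1, 0 or 1 for [epoch:]upstream[-revision] version strings.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), up, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def openssl_status(distro, release, installed):
    fix = FIXED.get((distro, release), "unknown")
    if fix in ("unaffected", "end-of-life", "unknown"):
        return fix
    return "patched" if dpkg_compare(installed, fix) >= 0 else "vulnerable"
```

Feed it the release from lsb_release -a and the version column of the openssl line from dpkg -l; the sample host above (Ubuntu 13.04, 1.0.1c-4ubuntu8.2) comes back as "end-of-life".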
CentOS and Fedora Releases and Fix Versions
rpm -q -a | grep "openssl"
- CentOS 5: Unaffected (Shipped with older version prior to vulnerability)
- CentOS 6: openssl-1.0.1e-16.el6.5.7
- Fedora 17: Unaffected (Shipped with older version prior to vulnerability)
- Fedora 19: openssl-1.0.1e-37.fc19.1
If your Fedora OpenSSL version number doesn't end in .1, you are vulnerable!
Check for your OpenSSL version
rpm -q -a | grep "openssl"
Check for your CentOS or Fedora version
cat /etc/redhat-release
[root@stream4 ~]# rpm -q -a | grep "openssl"
openssl-1.0.1e-16.el6_5.4.x86_64
[root@stream4 ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
Revoking and Reissuing your SSL Certs/Keys
- Regenerate your certificate using a new private key.
- Create a new key, then either create the certificate yourself or send a CSR to your certificate authority so it can issue the new certificate.
- Replace the old certificate and start using the new one.
USN-2165-1: OpenSSL vulnerabilities
http://www.ubuntu.com/usn/usn-2165-1/
Red Hat Announce
https://www.redhat.com/archives/rhsa-announce/2014-April/msg00017.html
Red Hat Updated packages
https://rhn.redhat.com/errata/RHSA-2014-0376.html