Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 724
  • Last Modified:

Debian OpenSSL Heartbleed, new openssl version?

I have openssl version 1.0.1e on my Debian distro. I've done `apt-get install openssl libssl1.0.0` and 1.0.1.e appears to be the latest openssl version for Debian and is vulnerable. As I understand it, 1.0.1.g fixes the Heartbleed bug. Do we know when that package will be available for Debian?
0
jmarkfoley
Asked:
jmarkfoley
2 Solutions
 
Seth SimmonsSr. Systems AdministratorCommented:
this should answer your question

DSA-2896-1 openssl -- security update
http://www.debian.org/security/2014/dsa-2896
0
 
serialbandCommented:
Just update your server.  Debian released patches yesterday.

You can test it here
http://filippo.io/Heartbleed/

You could check for the heartbeat variable to see if you're vulnerable.  The patches just compile without the heartbeat.
egrep dtls1_process_heartbeat libssl.so.1.0.0

http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix

http://www.experts-exchange.com/OS/Linux/Q_28402987.html#a39987838
0
 
jmarkfoleyAuthor Commented:
Thanks! That is good info. I upgraded my openssl package, but it still had version 1.0.1e, so I thought it was vulnerable. However, your link says that 1.0.1e-2+deb7u5 is fixed. I have 1.0.1e+deb7u6, so I guess I'm OK. I did, however, already download and install the 1.0.1g sources from https://www.openssl.org/source on one of my Debian systems already.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now