Solved

Debian OpenSSL Heartbleed, new openssl version?

Posted on 2014-04-09
3
684 Views
Last Modified: 2014-04-09
I have openssl version 1.0.1e on my Debian distro. I've done `apt-get install openssl libssl1.0.0` and 1.0.1.e appears to be the latest openssl version for Debian and is vulnerable. As I understand it, 1.0.1.g fixes the Heartbleed bug. Do we know when that package will be available for Debian?
0
Comment
Question by:jmarkfoley
3 Comments
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 300 total points
ID: 39990697
this should answer your question

DSA-2896-1 openssl -- security update
http://www.debian.org/security/2014/dsa-2896
0
 
LVL 29

Assisted Solution

by:serialband
serialband earned 200 total points
ID: 39990747
Just update your server.  Debian released patches yesterday.

You can test it here
http://filippo.io/Heartbleed/

You could check for the heartbeat variable to see if you're vulnerable.  The patches just compile without the heartbeat.
egrep dtls1_process_heartbeat libssl.so.1.0.0

http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix

http://www.experts-exchange.com/OS/Linux/Q_28402987.html#a39987838
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 39990753
Thanks! That is good info. I upgraded my openssl package, but it still had version 1.0.1e, so I thought it was vulnerable. However, your link says that 1.0.1e-2+deb7u5 is fixed. I have 1.0.1e+deb7u6, so I guess I'm OK. I did, however, already download and install the 1.0.1g sources from https://www.openssl.org/source on one of my Debian systems already.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question