Debian OpenSSL Heartbleed, new openssl version?

I have openssl version 1.0.1e on my Debian distro. I've done `apt-get install openssl libssl1.0.0` and 1.0.1e appears to be the latest openssl version for Debian and is vulnerable. As I understand it, 1.0.1g fixes the Heartbleed bug. Do we know when that package will be available for Debian?
jmarkfoley Asked:
 
Seth Simmons, Sr. Systems Administrator, Commented:
This should answer your question:

DSA-2896-1 openssl -- security update
http://www.debian.org/security/2014/dsa-2896
 
serialband Commented:
Just update your server.  Debian released patches yesterday.

You can test it here
http://filippo.io/Heartbleed/

You could check for the heartbeat variable to see if you're vulnerable.  The patches just compile without the heartbeat.
`egrep dtls1_process_heartbeat libssl.so.1.0.0`

http://www.howtoforge.com/find_out_if_server_is_affected_from_openssl_heartbleed_vulnerability_cve-2014-0160_and_how_to_fix

http://www.experts-exchange.com/OS/Linux/Q_28402987.html#a39987838
 
jmarkfoley Author Commented:
Thanks! That is good info. I upgraded my openssl package, but it still had version 1.0.1e, so I thought it was vulnerable. However, your link says that 1.0.1e-2+deb7u5 is fixed. I have 1.0.1e+deb7u6, so I guess I'm OK. I did, however, already download and install the 1.0.1g sources from https://www.openssl.org/source on one of my Debian systems.
Question has a verified solution.
