Patch OpenSSL on Debian from Heartbleed threat

Here is a quick tutorial on how to upgrade your Debain Wheezy Linux distribution from Heartbleed threat.

Passwords, credit cards and other sensitive data are at risk.  Reserachers discovered a major flaw in OpenSSL that encrypts web traffic behind SSL certificates.  All servers affected by this flaw should patch immediately.

1. First see if your server is affected by visiting this tool: 

http://filippo.io/Heartbleed

The heartbleed bug was introduced in OpenSSL 1.0.1 and is present in:
  • 1.0.1
  • 1.0.1a
  • 1.0.1b
  • 1.0.1c
  • 1.0.1d
  • 1.0.1e
  • 1.0.1f

 

2. If your server is affected then SSH into your Debian server.  At the time of this post the apt-get updates have not been updated.  But you should first try:

sudo apt-get update

sudo apt-get upgrade

If that doesn't automatically update your server you can do a manual download and install

wget http://security.debian.org/pool/updates/main/o/openssl/libssl1.0.0-dbg_1.0.1e-2+deb7u5_amd64.deb

wget http://security.debian.org/pool/updates/main/o/openssl/openssl_1.0.1e-2+deb7u5_amd64.deb

wget http://security.debian.org/pool/updates/main/o/openssl/libssl1.0.0_1.0.1e-2+deb7u5_amd64.deb

wget http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_1.0.1e-2+deb7u5_amd64.deb
 
sudo dpkg -i openssl_1.0.1e-2+deb7u5_amd64.deb

sudo dpkg -i libssl1.0.0_1.0.1e-2+deb7u5_amd64.deb

sudo dpkg -i libssl1.0.0-dbg_1.0.1e-2+deb7u5_amd64.deb

sudo dpkg -i libssl-dev_1.0.1e-2+deb7u5_amd64.deb

sudo service apache2 restart
sudo ssh restart

Now test your server with the tool again found in Step 1

heartbleed flaw, new york web security, debian wheezy patch, heartbleed debian wheezy, nyc developers

0 Comments

Add your comment