How to Patch Heartbleed on Ubuntu 12.04 LTS
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Upgrade OpenSSL on Ubuntu 12.04 LTS
http://www.ubuntu.com/usn/usn-2165-1/
Install the patch
$ sudo apt-get update
$ sudo dpkg --list | grep openssl
ii openssl 1.0.1-4ubuntu5.3 Secure Socket Layer (SSL)...
$ sudo apt-get --only-upgrade install openssl
$ sudo apt-get install libssl1.0.0
$ sudo dpkg --list | grep openssl
ii openssl 1.0.1-4ubuntu5.12 Secure Socket Layer (SSL)...
Check if installed correctly
$ openssl version -a
OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr 7 20:33:29 UTC 2014 <<<< THIS IS THE CORRECT DATE
platform: debian-amd64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
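The version check above only shows what is installed on disk; a daemon started before the upgrade keeps the old libssl mapped until it is restarted. The following script is an added example, not part of the original page, that lists such processes from `/proc/<pid>/maps`; it assumes a Linux `/proc` layout, and the `--scan` argument is a hypothetical name chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: Linux /proc layout.
# After dpkg replaces libssl, a process started before the upgrade still maps
# the old, now unlinked file, which /proc/<pid>/maps marks as "(deleted)".

# Read maps-format text on stdin; succeed if a deleted libssl/libcrypto
# mapping is present.
uses_deleted_openssl() {
    grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$'
}

# Print "PID NAME" for every process under PROC_ROOT (default /proc) that
# still maps the pre-upgrade library. Run as root to see all processes.
stale_openssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if uses_deleted_openssl 2>/dev/null < "$maps"; then
            pid=${maps%/maps}
            pid=${pid##*/}
            name=$(cat "$proc_root/$pid/comm" 2>/dev/null || echo '?')
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Hypothetical --scan argument: scan the live system when run as a script.
if [ "${1:-}" = "--scan" ]; then
    stale_openssl_pids
fi
```

Restart every service the scan lists, then run it again; an empty result means no running process still uses the pre-upgrade library.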
Install the Heartbleed command-line tool to check your service
Install Go on Mac
- Download from https://code.google.com/p/go/downloads/list?q=OpSys-OSX+Type-Installer
- Open a terminal
- Set GOPATH in .bashrc: export GOPATH="/Users/songserm/Dropbox/projects/go"
Install Heartbleed on Mac
$ go get github.com/FiloSottile/Heartbleed
$ go install github.com/FiloSottile/Heartbleed
Check your service
Note: you can also use an online tool here http://filippo.io/Heartbleed/#
$ cd ~/Dropbox/projects/go/bin
$ ./Heartbleed www.example.com:443
2014/04/10 13:31:31 www.example.com:443 - SAFE
If the upgrade was not successful, you will still see the yellow submarine in the tool's output:
$ ./Heartbleed www.example.com:443
2014/04/10 13:33:05 ([]uint8) {
00000000 02 00 79 68 65 61 72 74 62 6c 65 65 64 2e 66 69 |..yheartbleed.fi|
00000010 6c 69 70 70 6f 2e 69 6f 59 45 4c 4c 4f 57 20 53 |lippo.ioYELLOW S|
00000020 55 42 4d 41 52 49 4e 45 b2 fb b3 7c 8a 8b 9b df |UBMARINE...|....|
00000030 c5 04 78 e8 62 38 91 30 32 0c cd ad 42 4c 45 00 |..x.b8.02...BLE.|
00000040 00 00 13 00 11 00 00 0e 6f 6e 61 2e 65 78 73 65 |........ona.exse|
00000050 65 64 2e 6e 65 74 00 05 00 05 01 00 00 00 00 00 |ed.net..........|
00000060 0a 00 08 00 06 00 17 00 18 00 19 00 0b 00 02 01 |................|
00000070 00 00 0d 00 0a 00 08 04 01 04 03 02 1d 80 3b 29 |..............;)|
00000080 90 ff 29 31 de 83 00 8a ce 95 98 ce |..)1........|
}