• Security Vulnerability CVE-2014-0160 (Heartbleed)

    CVE-2014-0160 (Heartbleed) caught us all with our pants down. It is a new vulnerability found in a pretty recent version of OpenSSL, and it even got a name. It affects all versions starting with 1.0.1 and is fixed in 1.0.1g. The Debian vendors claim that the fixed version is 1.0.1e-2+deb7u5, but while I was writing this post openssl-1.0.1e-2+deb7u5 was gone and openssl-1.0.1e-2+deb7u6 had replaced it; the Debian announcement was not updated for this one.

    Here’s how you patch CVE-2014-0160 on Debian/Ubuntu:

    Debian:

    Squeeze – unaffected

    Wheezy –

    apt-get update

    apt-get install openssl=1.0.1e-2+deb7u6

    Ubuntu:

    For example, on 12.04:

    apt-get update

    apt-get install openssl=1.0.1-4ubuntu5.12

    Other versions: check for yourself.

    When you have finished fixing it, don’t forget to run /etc/init.d/ssh restart

    And keep security in your sources list!
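
To confirm the upgrade and the restart step took effect, the following added example (not part of the original post) compares the installed package versions against a fixed version passed on the command line and lists processes that still have the pre-upgrade library mapped. It assumes the shared library ships in a package named `libssl1.0.0`, as on Wheezy and 12.04; the function names are made up for this sketch.

```bash
#!/bin/bash
# Added example, not from the original post. Pass the fixed version for your
# release as the first argument; the library package name libssl1.0.0 is an
# assumption that holds on Debian Wheezy and Ubuntu 12.04.

# Return 0 if the installed version of package $1 is at least version $2.
pkg_at_least() {
    local have
    have=$(dpkg-query -W -f='${Version}' "$1" 2>/dev/null) || return 2
    [ -n "$have" ] && dpkg --compare-versions "$have" ge "$2"
}

# Return 0 if the /proc/PID/maps file $1 shows libssl or libcrypto 1.0.0
# mapped from a file that has since been replaced on disk ("(deleted)").
has_stale_ssl() {
    grep -Eq '/lib(ssl|crypto)\.so\.1\.0\.0 \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID command line" for every process still running the old library.
# Needs root to read the maps of processes owned by other users.
list_stale_procs() {
    local maps pid
    for maps in /proc/[0-9]*/maps; do
        has_stale_ssl "$maps" || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        echo "$pid $(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
    done
}

main() {
    local fixed=$1 pkg
    for pkg in openssl libssl1.0.0; do
        if pkg_at_least "$pkg" "$fixed"; then
            echo "OK     $pkg is at least $fixed"
        else
            echo "CHECK  $pkg is missing or older than $fixed"
        fi
    done
    echo "Processes to restart (old libssl/libcrypto still mapped):"
    list_stale_procs
}

# Run only when a fixed version is given, e.g.: bash check.sh 1.0.1e-2+deb7u6
if [ -n "${1:-}" ]; then main "$1"; fi
```

Any process the script lists was started before the upgrade and keeps using the old library until it is restarted, which is why restarting ssh alone may not be enough on a host that also runs a web or mail server.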
