Tuesday, April 1, 2014

Patching CVE-2014-0160 on your Ubuntu Linux using OpenSSL for your HTTP Server 


For Ubuntu 12.04 SSL version - You need to patch this version to use the latest OpenSSL.

On my server, the OpenSSL version was built on July 3 2012. I provide a simple and straightforward solution below:

command: openssl version -a
 OpenSSL 1.0.1 14 Mar 2012
 built on: Tue Jul  3 20:15:07 UTC 2012
 platform: debian-amd64

Simple and straightforward solution.  Issue the following command from your console or terminal:

Step 1 -Update your Ubuntu
 command: sudo apt-get update

Step 2 -issue a patch for the openssl
 command: sudo apt-get install -y libssl1.0.0 openssl

Step 3 - Lets confirm the version of the openssl that you've just update
 command: openssl version -a
  built on: Mon Apr  7 20:33:29 UTC 2014
  platform: debian-amd64

If you're using a web server (i.e. HTTP, IIS) with SSL enabled, all you need is just restart your web server and your web site is now safe.
Posted by at No comments:
Subscribe to: Posts (Atom)