In case you haven't heard, a critical bug in the widely used OpenSSL library was disclosed earlier today.

Despite the cool name and vector logo, Heartbleed is one of the scariest security bugs to hit the Internet in a long time.

We patched our servers here at Pay4Bugs earlier today, so I thought I'd share with you how we went about it.

We run Ubuntu 12.04 LTS on our production servers. If you have automatic security updates enabled, your server will automatically update. But there's no harm in checking to make sure the update has been applied.

Step 1 - Check your current OpenSSL version

Run openssl version -a

[email protected]:~# openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Jul 15 12:44:45 UTC 2013
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
[email protected]:~#

The "built on" date is what we're interested in. The version string itself stays at 1.0.1e, because Ubuntu backports the fix into the existing package rather than moving to a newer upstream release, so the build date is what tells you whether the fix is in. Make sure it's on or after April 7, 2014. If it's an earlier date, like in the example above, your server is vulnerable.

Step 2 - Install the update

Run apt-get update followed by apt-get dist-upgrade

[email protected]:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  file libmagic1 libssl-dev libssl-doc libssl1.0.0 openssh-client openssh-server openssl
8 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,697 kB of archives.
After this operation, 2,048 B of additional disk space will be used.
Do you want to continue [Y/n]? y

You might need to restart your server if prompted.
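One thing a restart prompt does not tell you: apt replaces the library file on disk, but any long-running process (a web server, sshd, a mail daemon) that loaded the old libssl or libcrypto before the upgrade keeps the old copy mapped in memory until that process is restarted. Linux marks such mappings "(deleted)" in /proc/<pid>/maps, which gives you a direct way to find them. The script below is an added example, not part of the original post or of Ubuntu's tooling; it assumes a Linux box with /proc, and you need root to read the maps files of other users' processes.

```shell
#!/bin/sh
# Added example (not from the original post): list processes that still
# have a pre-upgrade libssl/libcrypto mapped, i.e. that must be restarted
# for the OpenSSL fix to take effect in them.
#
# Usage (as root, after apt-get dist-upgrade):  ./stale-ssl.sh
#   or, from another shell:  . ./stale-ssl.sh && report_stale_ssl_processes

# Core logic, kept separate so it can be fed constructed input:
# reads lines of the form "<pid> <one line of /proc/<pid>/maps>" on stdin
# and prints each pid (once) whose maps show a libssl/libcrypto mapping
# whose backing file has been replaced ("(deleted)" suffix).
stale_ssl_pids_from_maps() {
    awk '$0 ~ /lib(ssl|crypto)[^ ]*\.so/ && / \(deleted\)$/ { print $1 }' | sort -u
}

# Live scan: emit "<pid> <maps line>" for every process whose maps file we
# can read. Processes that exit mid-scan just produce no lines.
scan_proc_maps() {
    for pid_dir in /proc/[0-9]*; do
        pid=${pid_dir#/proc/}
        [ -r "$pid_dir/maps" ] || continue
        sed "s/^/$pid /" "$pid_dir/maps" 2>/dev/null
    done
}

# Human-readable report: pid, process name (from /proc/<pid>/comm), and
# what to do about it. Prints nothing when every process is on the new library.
report_stale_ssl_processes() {
    scan_proc_maps | stale_ssl_pids_from_maps | while read -r pid; do
        name=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
        echo "$pid $name still has the pre-upgrade libssl/libcrypto mapped; restart it"
    done
}

# Run the live report only when executed directly, not when sourced for testing.
case "$0" in
    *stale-ssl.sh) report_stale_ssl_processes ;;
esac
```

If the report lists anything after the upgrade, restart those services (or reboot, which is what the apt prompt is getting at) and run it again; an empty report means no process is still running the vulnerable code.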

Step 3 - Check to make sure the patched version of OpenSSL successfully installed

Run openssl version -a
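Steps 1 and 3 are the same check before and after the upgrade, so here is one script that automates it. It is an added example, not code from the original post: it reads the text of openssl version -a on stdin and decides whether the "built on" date is on or after 7 April 2014, the date the post gives. It also handles output that carries no calendar date at all (newer OpenSSL builds can print "built on: reproducible build, date unspecified"), where the build-date method cannot answer and you should compare the package version from dpkg -s libssl1.0.0 against the Ubuntu security notice instead. The exit codes and function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Decide from the text of
# `openssl version -a` whether the "built on" date is on or after the
# Heartbleed fix date given in the post (7 April 2014).
#
# Usage:  openssl version -a | heartbleed_build_check
# Exit status: 0 = built on or after the fix date (patched build)
#              1 = built before it (the post's "vulnerable" case)
#              2 = no calendar date in the output; check the package
#                  version with dpkg instead

FIX_DATE=20140407   # 7 April 2014 as YYYYMMDD

# Map a three-letter month name to a two-digit number. Prints nothing for
# anything that is not a month, which is how non-date "built on" lines
# (e.g. "reproducible build, date unspecified") are rejected.
month_number() {
    case "$1" in
        Jan) echo 01 ;; Feb) echo 02 ;; Mar) echo 03 ;; Apr) echo 04 ;;
        May) echo 05 ;; Jun) echo 06 ;; Jul) echo 07 ;; Aug) echo 08 ;;
        Sep) echo 09 ;; Oct) echo 10 ;; Nov) echo 11 ;; Dec) echo 12 ;;
    esac
}

# Read `openssl version -a` output on stdin and print the build date as
# YYYYMMDD, e.g. "built on: Mon Jul 15 12:44:45 UTC 2013" -> 20130715.
# Prints nothing when there is no parsable date.
build_date_yyyymmdd() {
    # awk takes month name, day of month and the last field (the year)
    # from the first "built on:" line; awk's default splitting also
    # absorbs the double space in single-digit days ("Apr  7").
    fields=$(awk '/^built on:/ { print $4, $5, $NF; exit }')
    [ -n "$fields" ] || return 0
    set -- $fields
    mon=$(month_number "$1")
    day=$2
    year=$3
    # Refuse anything that is not month / numeric day / four-digit year.
    [ -n "$mon" ] || return 0
    case "$day" in *[!0-9]*|"") return 0 ;; esac
    case "$year" in [0-9][0-9][0-9][0-9]) ;; *) return 0 ;; esac
    case "$day" in [0-9]) day="0$day" ;; esac
    printf '%s%s%s\n' "$year" "$mon" "$day"
}

# Compare the build date with FIX_DATE and report; see exit codes above.
heartbleed_build_check() {
    built=$(build_date_yyyymmdd)
    if [ -z "$built" ]; then
        echo "no build date in output: cannot judge by date, check the package version with dpkg"
        return 2
    fi
    if [ "$built" -ge "$FIX_DATE" ]; then
        echo "built $built: on or after $FIX_DATE, patched build"
        return 0
    fi
    echo "built $built: before $FIX_DATE, vulnerable build"
    return 1
}
```

Run it before Step 2 and again after; a 1 turning into a 0 is the confirmation Step 3 is looking for. The date comparison works as plain integer arithmetic because YYYYMMDD orders the same way as the calendar.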