What should I do about the Heartbleed bug for the sites I run?

Question

The recently announced Heartbleed bug in OpenSSL affects many sites (70% of the internet).

There's a website:

There's a web-based test:

What should I do to protect the sites that I run?

score 7 · Answer 1 · answered Apr 08 '14 at 15:42

7

You should:

Update your system to the latest OpenSSL version
Generate new keys and certificates for services relying on OpenSSL and restart them
Revoke former certificates
Invalidate all established sessions

answered Apr 08 '14 at 15:42

Executifs

score 4 · Answer 2 · edited Apr 08 '14 at 16:42

4

Update your system:

sudo apt-get update
sudo apt-get upgrade

edited Apr 08 '14 at 16:42

Oliver Salzburg

answered Apr 08 '14 at 15:35

Matt Cruikshank

score 0 · Answer 3 · answered Apr 09 '14 at 19:00

0

More specifically for Ubuntu or Debian in general

/etc/init.d/apache2 stop
aptitude update
dpkg -l \*libssl\*
aptitude safe-upgrade libssl1.0.0
dpkg -l \*libssl\*
/etc/init.d/apache2 start

answered Apr 09 '14 at 19:00

rleir

3 Answers3