I have an Ubuntu 12.04 server. I have updated the OpenSSL package in order to fix the heartbleed vulnerability. But I am still vulnerable even, even though I have restarted the web server, and even the whole server.
To check my vulnerability I used:
dpkg gives:
dpkg -l |grep openssl
ii openssl 1.0.1-4ubuntu5.12 Secure Socket Layer (SSL) binary and related cryptographic tools
(launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12)
Answer
Ensure that the libssl1.0.0 package has been updated as well (that package contains the actual library, the openssl package contains the tools) and that all services using the library have been restarted after the upgrade.
You have to RESTART all services using openssl (service apache restart).
No comments:
Post a Comment