Sunday, June 9, 2019

openssl - Heartbleed flaw fix on Debian Wheezy




is there any 100% working method to update openssl to the non vulnerable version on Debian Wheezy.
I do not want to upgrade the whole OS, nor would I like to install a non official package.




Is there any solution right now ?



Thanks


Answer



from DSA-2896-1 openssl -- security update :




For the stable distribution (wheezy), this problem has been fixed in version 1.0.1e-2+deb7u5.





so,
assuming you have:



deb http://security.debian.org/ wheezy/updates main contrib non-free


in your /etc/apt/sources.list file



apt-get update

apt-cache policy openssl
apt-get install openssl


apt-cache policy openssl will show you candidate updates



apt-get install openssl will upgrade to last openssl version



run again apt-cache policy openssl and check version at Installed: line is equal or superior to: 1.0.1e-2+deb7u5




upgrading openssl package should upgrade libssl1.0.0 as it's a dependency


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...