The Heartbleed OpenSSL bug can leave a lot of systems open to exploitation. To see whether your system is vulnerable try the following.
*I am using Ubuntu, but if OpenSSL is installed on your system, the commands should be similar.
Open a terminal or command prompt.
First, check your version of OpenSSL:
sudo openssl version -a
The command should output the OpenSSL version number.
|OpenSSL version on Ubuntu that is vulnerable to Heartbleed|
OpenSSL says you should upgrade to version 1.0.1g
. If you manually installed OpenSSL, get the latest source
, and install it.
If you are on Ubuntu, you should also look at the "built on" date. If the date is on or after April 7th, then the patch has been applied. If the date is before April 7th, do a dist-upgrade to update.
sudo apt-get update
sudo apt-get upgrade
Once the upgrade is complete, the "built on" date should be on or after April 7th.
|Apt-get upgrade will likely want to upgrade a number of packages, many of which are potentially vulnerable to the attack.|
Make sure you reboot your system to make sure the changes are applied.
|Patched OpenSSL installation on Ubuntu. Note, the version is still 1.0.1e - make sure to check the build date.|
Many vulnerable products will likely be pushing out updates soon. Make sure you update all your devices, including mobile phones and routers.