Skip to main content

How to update Ubuntu to plug the Heartbleed OpenSSL flaw

how to update ubuntu plug heartbleed openssl flaw
Image used with permission by copyright holder

The Heartbleed OpenSSL bug is unlike virtually any Internet security threat you’ve probably ever heard of. It’s not a virus that’s specific to one operating system or type of device. Since it revolves around a flaw in the method of encryption used by many of the world’s websites, it affects almost everyone who uses the Internet, including people who operate servers that run Ubuntu Linux, the free, open-source operating system.

MORE: Which websites are affected by the Heartbleed OpenSSL encryption bug?

Fortunately, with the help of a few commands, you can check whether the version of Ubuntu you’re using is vulnerable to the Heartbleed bug, and also update Ubuntu to ensure that the vulnerability is sealed and patched. It’s important to note that multiple versions of Ubuntu are affected, including Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10, so it’s imperative that you ensure that the version you run is safe — or update to one that is. Here’s how, according to ansoncheunghk.info.

  1. First, run this command: # sudo openssl version -a. What’s important here is the line that starts with “built on,” which gives you a date for the version of Ubuntu you’re running on your server. If you’re using a version dated before April 7, it is vulnerable to the Heartbleed bug. If it’s dated on or after April 7, you’re in the clear. Here’s what to do if you aren’t, like the the version pictured below, which is dated June 4, 2013.
ubuntu command 1
Image used with permission by copyright holder

           2. Run this command: # sudo apt-get dist-upgrade. This will patch your version of Ubuntu with the latest security update.

ubuntu command 2
Image used with permission by copyright holder

              3. Then restart your Ubuntu server using this command: # sudo reboot. Once reboot is complete, use the same command you used in Step 1 to verify that your Ubuntu install is dated for April 7 or later by checking the line that begins with “built on.”

ubuntu command 3
Image used with permission by copyright holder

Do you have any other tips for how to make Ubuntu safe from the Heartbleed bug? If so, please share them in the comments below.

MORE: How to check if a website is vulnerable to the Heartbleed bug

Image credit: http://www.themebin.com

Body image credits: http://www.ansoncheunghk.info

Editors' Recommendations

Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Best LastPass alternatives for 2024
A digital security lock.

Whether you're security-conscious or have a terrible memory, using a password manager is a great way to free up brain space and secure your most important information. Unfortunately, LastPass -- once one of the best password managers -- has had several security incidents over the years, making customers look to other options.

This list of both free and paid password managers are solid replacements for LastPass.
Best LastPass alternatives

Read more
Real-time video translation comes to Microsoft Edge
Microsoft Edge browser on a computer screen.

Following up on the massive Copilot+ announcements from yesterday, Microsoft's AI toolset keeps getting bigger and bigger. As part of its annual Microsoft Build develop conference, Microsoft has announced an update to Edge that grants it the power to translate videos to different languages in real time.

Microsoft affirms that the upcoming AI feature will translate videos on the browser to multiple languages using subtitles and/or dubbing in real time. Microsoft has not said if the option will be set by default or where the user can go to turn this feature on or off, but it could be somewhere in Settings.

Read more
All the Copilot updates announced at Build 2024
A Team Copilot being used alongside a Teams video call.

It’s that time of year again, and Microsoft is making various announcements regarding Copilot at its annual Build developer conference. As expected, AI is a massive part of what’s being said, just like last year.

Perhaps the biggest announcement in that regard was that GPT-4o was already live in Azure AI and would soon be coming to Copilot. It was mentioned as part of the Copilot+ press event yesterday, but not much information was provided, aside from the Minecraft tutorial demo.

Read more