Upgrade OpenSSL 0.9.8k to OpenSSL 1.0.1c on Ubuntu 10.04

ubuntu openssl ubuntu-10.04

We're currently using Ubuntu 10.04 and based on the PCI Compliance results, we're told to upgrade our OpenSSL.

I attempted to do this using this reference and this.

Unfortunately, they didn't work for me. And when I attempted to remove the old version prior to installation, it looks like it broke a few thins in the system.

The article from Steve Gordon seemed like it would work for me, but when I ran the openssl version command, it still read that it was the old version.

I was wondering if anyone has any suggestions on what I should do.

Fix: After following the steps from Steven Gordon, make sure you restart apache and / or restart your computer (I did both, but I'm sure a simple restart will fix it right up).


upgrading openssl is going to make things worse, not better. You need to get a list of CVEs that are concerning whoever is doing your PCI certification. Then you can, for each of these CVE's show them that Ubuntu is backporting patches to address these CVEs.

Here is Ubuntu's security tracker. You should be able to put a CVE into this site, and find out that Ubuntu has addressed the issue, and when.

For example, the most recent openssl CVE is documented here, and that links to Ubuntu's notice about this vulnerability being fixed.

The company doing your PCI certification SHOULD accept this kind of documentation.


If you need to upgrade OpenSSL, your options are either to upgrade your entire OS so that the new version of OpenSSL is in place via the OS's supported packages, or venture down the winding and often problematic path of either installing from source or using a third-party package repository.

You may not need to upgrade at all, though. Keep in mind that security fixes from newer versions are backported into older packages. Security scans often have false positives due to their reliance on a simple version number check; the package changelog shows that it's regularly getting security updates. Verify that you're actually vulnerable to the findings before you spend a ton of time and effort on upgrading.

Related

Finding Lyapunov function for a given system of differential equations
HAProxy: session stickiness triggered by response header possible?
Calculate the sum: $\sum_{x=2}^\infty (x^2 \operatorname{arcoth}(x) \operatorname{arccot} (x) -1)$
Using a mounted NTFS share with nginx
How to solve the functional equation $ f(f(x))=ax^2+bx+c $
Nginx with PAM authentication through pam_script
Cannot find "IIS APPPOOL\{application pool name}" user account in Windows Server 2008
Windows Server 2008 R2 Print Server - Change Printer Names on All Client Systems
How to set up linux watchdog daemon with Intel 6300esb
Mysql server fails to start
Category-Theoretic relation between Orbit-Stabilizer and Rank-Nullity Theorems
Reference on manifolds with corners