I am still running Ubuntu 13.04, how should I react to the Heartbleed Bug? [duplicate]
I know that 13.04 is affected (or at least my installation is) because of the OpenSSL version currently installed. However, after running
sudo apt-get update
sudo apt-get upgrade
I checked my OpenSSL version and it was still an unpatched build.
I also checked http://www.ubuntu.com/usn/usn-2165-1/ and 13.04 isn't listed. What can I do to patch OpenSSL on my machine?
Solution 1:
Note that 13.04 is no longer supported. Upgrading to a supported version is the recommended action. But if a short term solution is needed, it's possible to rebuild the packages from source (sample instructions) with a patch applied, e.g.:
sudo apt-get install build-essential fakeroot dpkg-dev devscripts
apt-get source openssl
sudo apt-get build-dep openssl
cd openssl
dch -i
# ...apply patch...
dpkg-buildpackage -rfakeroot -uc -b
cd ..
sudo dpkg -i *.deb
From the Ubuntu changelog page for openssl, find the diff file for quantal, which happens to have the same base version of openssl (1.0.1c). This should apply cleanly against the latest source for raring. If following the instructions from the link above, apply the patch after doing the dch -i
part, choose a sensible version number. Ignore/delete the rejected patch for debian/changelog
, and continue the process.