debian wheezy, heartbleed, openssl refuses to update

apt openssl heartbleed debian-wheezy

I am having a strange problem, my system is exposed to heartbleed, and I am trying to fix it by using: apt-get clean,
apt-get update
and
apt-get upgrade openssl

but the response is: 

Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
openssl is already the newest version.
The following packages have been kept back:
  libncurses5 libncursesw5 libssl-dev
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

my openssl version is:
openssl version -a 

OpenSSL 1.0.1f-dev xx XXX xxxx
built on: Mon Dec 23 14:23:57 UTC 2013
platform: debian-amd64
options:  bn(64,64) rc4(8x,int) des(idx,cisc,16,int) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

openssl version -b 

built on: Mon Dec 23 14:23:57 UTC 2013

I had thought that the problem is in the sources list and here is my sources list:

#deb http://ftp.debian.org/debian stable main contrib

#deb http://ftp.debian.org/debian/ wheezy-updates main contrib

#deb http://security.debian.org/ wheezy/updates main contrib
deb http://http.debian.net/debian wheezy main
deb-src http://http.debian.net/debian wheezy main

deb http://http.debian.net/debian wheezy-updates main
deb-src http://http.debian.net/debian wheezy-updates main

deb http://security.debian.org/ wheezy/updates main
deb-src http://security.debian.org/ wheezy/updates main

you can see the old ones in comment, but updating and trying to upgrade even with apt-get upgrade make no progress.

My serevr is on rackspace if it's somehow relevant...

I really don't know what to do, please help me.


Solution 1:

Thanks all for your efforts, here is how I had solved it:
apparently my openssl was from a test package instead of stable one. so the aptitude always thought the package is up to date.

in order to fix it I had run the next commands:
apt-get install openssl=1.0.1a-2+deb7u7
apt-get install libssl1.0.0=1.0.1e-2+deb7u7

it forced debian to install this packages with the exact version. and now it works

Solution 2:

Try

apt-get install openssl

That should force Debian reinstalling/upgrading only the OpenSSL again. See what version it installs.

Related

Is there a streamlined way to export settings from an existing CentOS 5.10 server for local Vagrant provisioning? (Puppet, Chef, shell, or otherwise)
How can i access multiple object in a nested array and push them all at the same time using Vue?
docker-compose not honoring CPU limits
Reset Keyboard Preferences
Touchscreen on HP Envy x360 is not working with 18.04
Laravel TDD assertSee returns true on NULL object
Best practice for shared directory on server (samba windows 10 clients)
How to install libboost 1.48?
Apt-get crashes with : relocation error: libapt-pkg.so.4.12
How can I customize an icon on the dash/launcher?
16.04 - How To Grant Read Write Access To Folder / File after Messing Up
Ubuntu Server "shuts down" ~daily