Update openssl in debian squeeze

There is this CVE-2014-0224 bug in openssl so I would like to update my affected

# openssl version
OpenSSL 0.9.8o 01 Jun 2010

But there is no update for squeeze. I read the it is already fixed in squeeze-LTS. What I am supposed to do? Will there be an fix for squeeze and I just need to wait?

Should I install an openssl update manually? How? I tried to install openssl-0.9.8za and openssl-1.0.1h with wget, ./config, make, make install but openssl version is still that same. I also tried config parameters but with this build fails.


Solution 1:

squeeze is not supported anymore. see Debian Security Announcement for the reasons.

If you want to have security updates you need to change your sources.list

You even qoute the post where it stands what you need to enter:

cat /etc/apt/sources.list | grep lts

deb http://ftp2.de.debian.org/debian squeeze-lts main contrib non-free

deb-src http://ftp2.de.debian.org/debian squeeze-lts main contrib non-free

This only works for x86 and x64

So you have to do following (qouting the wiki):

for binary packages add this line:

deb http://http.debian.net/debian/ squeeze-lts main contrib non-free

for source packages add this line:

deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free

Source: Debian Wiki

However the lts support has also run out.

Information for users

Support for Squeeze LTS will end five years after the release of Squeeze, i.e. until the 6th of February 2016.

Source : Debian Security Information