How to update Ubuntu to plug the Heartbleed OpenSSL flaw

July 6, 2021 . 2 MIN READ

The Heartbleed OpenSSL bug is unlike virtually any Internet security threat you’ve probably ever heard of. It’s not a virus that’s specific to one operating system or type of device. Since it revolves around a flaw in the method of encryption used by many of the world’s websites, it affects almost everyone who uses the Internet, including people who operate servers that run Ubuntu Linux, the free, open-source operating system.

MORE: Which websites are affected by the Heartbleed OpenSSL encryption bug?

Fortunately, with the help of a few commands, you can check whether the version of Ubuntu you’re using is vulnerable to the Heartbleed bug, and also update Ubuntu to ensure that the vulnerability is sealed and patched. It’s important to note that multiple versions of Ubuntu are affected, including Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.10, so it’s imperative that you ensure that the version you run is safe — or update to one that is. Here’s how, according to ansoncheunghk.info.

First, run this command: # sudo openssl version -a. What’s important here is the line that starts with “built on,” which gives you a date for the version of Ubuntu you’re running on your server. If you’re using a version dated before April 7, it is vulnerable to the Heartbleed bug. If it’s dated on or after April 7, you’re in the clear. Here’s what to do if you aren’t, like the the version pictured below, which is dated June 4, 2013.

Run this command: # sudo apt-get dist-upgrade. This will patch your version of Ubuntu with the latest security update.

3. Then restart your Ubuntu server using this command: # sudo reboot. Once reboot is complete, use the same command you used in Step 1 to verify that your Ubuntu install is dated for April 7 or later by checking the line that begins with “built on.”