How to test if you are affected by the Heartbleed vulnerability
To test if your on-premise deployment is vulnerable to the OpenSSL/Heartbleed vulnerability, run the following command in a console (this will output the version of OpenSSL installed):
dpkg --list | grep libssl | awk '{print $3}'
The following OpenSSL versions are not affected by the vulnerability:
- 0.9.8g-10.1ubuntu2
- 1.0.1-4ubuntu5.12
If your OpenSSL version is not one of the above, then your deployment is affected by this vulnerability and you should follow the remediation steps below.
How to remediate an affected deployment
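The version check above can be scripted so that it compares each installed libssl version against the two unaffected versions listed in this article. This is an added example, not part of the original article or VisibleThread's tooling; the function name check_libssl and the sample input are constructed, and it assumes that filtering on the dpkg install state and package name is acceptable in place of the plain grep.

```shell
#!/bin/sh
# Versions this article lists as not affected.
UNAFFECTED="0.9.8g-10.1ubuntu2 1.0.1-4ubuntu5.12"

# check_libssl: reads `dpkg --list` output on stdin.
# Prints one line per installed libssl package version.
# Returns 0 if every version is on the list above,
#         1 if at least one is not (follow the remediation steps),
#         2 if no installed libssl package was found.
check_libssl() {
    status=2
    # Column 1 is the dpkg state; its second letter is "i" for installed,
    # so removed-but-configured ("rc") packages are skipped.
    for ver in $(awk 'substr($1,2,1) == "i" && $2 ~ /^libssl/ {print $3}'); do
        if [ "$status" -eq 2 ]; then status=0; fi
        case " $UNAFFECTED " in
            *" $ver "*) echo "OK        $ver" ;;
            *)          echo "AFFECTED  $ver"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample input (not captured from a real appliance);
# "1.0.1-0example1" is a placeholder version, not a real package version.
SAMPLE='ii  libssl1.0.0  1.0.1-0example1     SSL shared libraries
ii  libssl0.9.8  0.9.8g-10.1ubuntu2  SSL shared libraries
rc  libssl-dev   1.0.1-0example0     SSL development libraries'

printf '%s\n' "$SAMPLE" | check_libssl || true
```

On the appliance, run it as: dpkg --list | check_libssl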
Attached to this article are links to two patch files.
Upload these files to your VisibleThread appliance via SSH (Secure Shell) using port 22. The easiest way to do this is to use one of a number of freely available tools such as FileZilla (http://filezillaproject.org/) or WinSCP (http://www.winscp.net).
Connect to your Virtual Appliance using the following details:
- IP Address: The IP Address of your Virtual Appliance
- username: visiblethread
- Password: password (unless changed after deployment)
- Port: 22
Now upload the patch files to:
/home/visiblethread
Next, log on to the VisibleThread appliance console and execute the following commands:
sudo dpkg -i libssl1.0.0_1.0.1-4ubuntu5.12_amd64.deb openssl_1.0.1-4ubuntu5.12_amd64.deb
sudo service apache2 restart
dpkg --list | grep libssl | awk '{print $3}'
This should upgrade OpenSSL and output the new version number. You should now see that the version number is 1.0.1-4ubuntu5.12.
If you have any questions or would like to talk, please contact us: support@visiblethread.com