Updating To OpenSSL 1.0.2g On Ubuntu Server 12.04 & 14.04 LTS To Stop CVE-2016-0800 (DROWN attack)

It was a bit difficult to find any real information on fixing the latest openSSL CVE-2016-0800 (DROWN attack) so I decided to write this quick post on how to update your Ubuntu Server 12.04/14.04 OpenSSL (or any debian-based distro with apache2) to the latest 1.0.2g build to avoid the DROWN/Heartbleed attacks. I’m not going to go into the details of how the exploit works and how it’s exploited as there are many blogs/sites that already go over this. Instead I will only focus on the fix, I have provided 2 methods, a method using cURL or wget.

*** UPDATED 7/4/2017 ***
Because this is a popular post, I’ve gone ahead and updated it to reflect latest SSL binaries, it’s good practice to check what the latest binaries are regardless of this post.

cURL Method

  1. sudo apt-get install php5-curl (Install cURL library)
  2. sudo apt-get install make (Install compiling library Make)
  3. curl https://www.openssl.org/source/openssl-1.0.2l.tar.gz | tar xz && cd openssl-1.0.2l && sudo ./config && sudo make && sudo make install (single command that will download latest binaries, extract them, cd into the directory, compile configuration and then install the files)
  4. sudo ln -sf /usr/local/ssl/bin/openssl ‘which openssl’ (This will create a sym link to the new binaries)
  5. openssl version -v (Used to check the version of the Current OpenSSL binaries)

wget method

  1. sudo apt-get install make (Install compiling library Make)
  2. wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz (Download the latest OpenSSL 1.0.2g binaries)
  3. tar -xzvf openssl-1.0.2l.tar.gz (Extract the tar ball to the local directory)
  4. cd openssl-1.0.2l (Enter extracted OpenSSL directory)
  5. sudo ./config (Configure binaries for compiling)
  6. sudo make install (install configured binaries)
  7. sudo ln -sf /usr/local/ssl/bin/openssl `which openssl` (This will create a sym link to the new binaries)
  8. openssl version -v (Used to check the version of the Current OpenSSL binaries)

This was tested on both Ubuntu Server 12.04 & 14.04 LTS versions. Questions? Comments?

Published by

Miguel

I’m a bilingual Network Engineer. I have over 20 Years of Professional experience in Computer Science & Information Technology. I currently own and operate Web Semantics (www.websemantics.com) in Vancouver, Washington. I provide bilingual (English & Spanish) enterprise-level IT support to small and medium-sized businesses across the West Coast. *** Soy un ingeniero de redes bilingüe. Tengo más de 20 años de experiencia profesional en ciencias de la computación y tecnología de la información. Actualmente poseo y opero Web Semantics (www.websemantics.com) en Vancouver, Washington. Proporciono soporte de IT/Informática bilingüe (inglés y español) a nivel empresarial a pequeñas y medianas empresas en toda la costa oeste.

Leave a Reply