LPIC-3 Objective 320.1
In this tutorial we look at the real need to work with the very latest version of software from the source when security is involved.
Even though recent distribution updates will most likely include a later version of OpenSSL, we need to make sure that we avoid versions 1.0.1 through 1.0.1f, as these are affected by the Heartbleed bug. Earlier versions in the 1.0.0 branch are fine, as is 0.9.8. A quick check on my Raspberry Pi shows it is running OpenSSL version 1.0.1e, not good.
The version of OpenSSL can be checked by running:
$ openssl version
This is true on the Raspberry Pi up to and including the latest Debian Wheezy 7.8 image that I downloaded during February 2015.
In any case, it is your responsibility to ensure your system is running safely and securely, and often that does mean building from source. The latest version of OpenSSL at the time of writing is 1.0.2, and this is what we will download and compile:
$ cd
$ wget https://www.openssl.org/source/openssl-1.0.2.tar.gz
$ tar -xzvf openssl-1.0.2.tar.gz
$ cd openssl-1.0.2
# The OpenSSL source tree ships a ./config script rather than an autoconf ./configure
$ ./config
$ make
$ sudo make install
Once installed, we should be able to see the new version and relax knowing that our system is now safe from Heartbleed. To display more information about OpenSSL we can add the -a option to the version command:
$ openssl version -a
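As an added example (not part of the original tutorial), the shell script below classifies an `openssl version` line against the affected range given above and reports every `openssl` binary it finds on `PATH` and in `/usr/local/ssl/bin`, assumed here to be the default prefix of a 1.0.x source build. The function names are hypothetical, and the check reads the upstream version string only, so a distribution package carrying a backported fix would still be reported as affected.

```shell
#!/bin/sh
# Added example: classify `openssl version` output against the range given
# above (1.0.1 through 1.0.1f affected). It reads the upstream version
# string only, so it cannot see a fix backported by a distribution package.

heartbleed_status() {
    case "$1" in
        "OpenSSL "*) hb_ver=${1#OpenSSL } ;;
        *) echo unknown; return 0 ;;        # e.g. a LibreSSL build
    esac
    hb_ver=${hb_ver%% *}      # "1.0.1e-fips 11 Feb 2013" -> "1.0.1e-fips"
    hb_ver=${hb_ver%-fips}    # -fips marks a FIPS-enabled build of the same release
    case "$hb_ver" in
        *-*)                 echo unknown ;;      # beta/dev snapshots: check by hand
        1.0.1|1.0.1[abcdef]) echo affected ;;
        1.0.1?*)             echo fixed ;;        # 1.0.1g and later letters
        [0-9]*)              echo not-affected ;; # 0.9.8, 1.0.0, 1.0.2, ...
        *)                   echo unknown ;;
    esac
}

# Report every openssl binary on PATH, plus /usr/local/ssl/bin (assumed
# default install prefix of a 1.0.x source build), since the packaged and
# the compiled copies can coexist on one system.
scan_openssl() {
    hb_search="$PATH:/usr/local/ssl/bin"
    hb_ifs=$IFS
    IFS=:
    for hb_dir in $hb_search; do
        IFS=$hb_ifs
        [ -x "$hb_dir/openssl" ] || continue
        hb_line=$("$hb_dir/openssl" version 2>/dev/null) || continue
        printf '%s: %s -> %s\n' "$hb_dir/openssl" "$hb_line" \
            "$(heartbleed_status "$hb_line")"
    done
    IFS=$hb_ifs
}

scan_openssl
```

If the scan lists more than one binary, services linked against the packaged library keep using it until that package is updated and the services are restarted.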
There will be more tutorials following to help with this LPIC-3 objective, but for the moment let's ensure we are running a version later than 1.0.1f.