Heartbleed is a critical bug in the OpenSSL library. The vulnerability was published on 7 April 2014. It allows the theft of information normally protected by SSL/TLS encryption. SSL/TLS provides secure and private communication over the Internet for websites, email, IM, and VPNs. An attacker can exploit Heartbleed to obtain copies of fragments of a server's memory, including digital keys, and then use them to impersonate servers or to decrypt traffic.
What to do?
OpenSSL is widely deployed, so many systems must be upgraded. The vulnerable versions are OpenSSL 1.0.1 to OpenSSL 1.0.1f inclusive. You can check the OpenSSL version from the command line:
Version 0.9.8 is not affected and does not need the upgrade.
To apply the fix, OpenSSL must be upgraded to version 1.0.1g. On Debian-based systems it is usually enough to run:
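The version check described above can be scripted. The following is an added example, not code from the original article: it reads the output of the standard `openssl version` command and compares it with the vulnerable range stated here (1.0.1 to 1.0.1f inclusive). The function name `heartbleed_status` and the sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` line against the range
# given in the article (1.0.1 through 1.0.1f vulnerable, 1.0.1g fixed).

# heartbleed_status "<line printed by openssl version>"
# Prints: in-vulnerable-range | not-in-vulnerable-range | unknown
heartbleed_status() {
    # The second field is the version, e.g. "1.0.1e" or "1.0.1e-fips".
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    ver=${ver%%-*}                      # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo "in-vulnerable-range" ;;
        [0-9]*.[0-9]*)       echo "not-in-vulnerable-range" ;;
        *)                   echo "unknown" ;;
    esac
}

# Constructed sample lines covering both ends of the range.
for sample in \
    "OpenSSL 0.9.8y 5 Feb 2013" \
    "OpenSSL 1.0.1 14 Mar 2012" \
    "OpenSSL 1.0.1f 6 Jan 2014" \
    "OpenSSL 1.0.1g 7 Apr 2014"
do
    echo "$sample -> $(heartbleed_status "$sample")"
done

# Check the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    line=$(openssl version)
    echo "installed: $line -> $(heartbleed_status "$line")"
fi
```

The result reflects only the reported version string. Distribution packages that backport the fix keep the upstream version letter, so a patched system can still show a version inside the range; confirm against the package changelog in that case.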
sudo apt-get update
sudo apt-get upgrade
However, this does not work on systems that are no longer supported, such as Ubuntu 13.04.
In that case you can use the compiled OpenSSL package prepared by SecurityKISS and available on Github. To apply the fix on Debian-based systems such as Linux Mint or Ubuntu, issue the following command: