Why don't you update? If Ubuntu says you need 5.12, and that heartbleed site says you're vulnerable, what's the problem?
I have the following installed, which was updated yesterday or today on my machine.
ii openssl 1.0.1-4ubuntu5.12
The answer given does not answer the question, and as far as the latest package for x86_64 14.04 goes, the latest openssl package info is (if others have something different, please let me know):
openssl:
Installed: 1.0.1f-1ubuntu2.3
Candidate: 1.0.1f-1ubuntu2.3
Version table:
*** 1.0.1f-1ubuntu2.3 0
500 mirror://mirrors.ubuntu.com/mirrors.txt/ trusty-updates/main amd64 Packages
500 mirror://mirrors.ubuntu.com/mirrors.txt/ trusty-security/main amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
100 /var/lib/dpkg/status
1.0.1f-1ubuntu2 0
500 mirror://mirrors.ubuntu.com/mirrors.txt/ trusty/main amd64 Packages
500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
I have been messing around with installing/upgrading that to version 1.0.1h from HERE with no luck yet; when I make some headway I will check back in.
UPDATE: So I found the solution on another thread that just needed to be updated (source post listed below):
Below is the single command line to compile and install the latest openssl version.
curl https://www.openssl.org/source/openssl-1.0.1h.tar.gz | tar xz && cd openssl-1.0.1h && sudo ./config && sudo make && sudo make install
Replace the old openssl binary file with the new one via a symlink. Go to /usr/bin in a terminal and run the command below:
sudo ln -sf /usr/local/ssl/bin/openssl `which openssl`
Reboot and you are good to go. You may want/need to create new certificates. Here is the original thread/post I updated. SOURCE
My output after running commands and rebooting:
OpenSSL 1.0.1h 5 Jun 2014
built on: Sat Jun 14 22:43:13 EDT 2014
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"
Best Answer
Security updates are available for 12.04, 12.10, 13.10 and 14.04; see Ubuntu Security Notice USN-2165-1.
So first you need to apply the available security updates, for example by running
from the command line.
Do not forget to restart the services (HTTP, SMTP, etc.) that use the affected OpenSSL version, otherwise you are still vulnerable. See also Heartbleed: What is it and what are options to mitigate it? on Serverfault.com.
The following command shows (after an upgrade) all services that need to be restarted:
After that, you need to regenerate all server SSL keys, then evaluate whether your keys may have leaked, in which case attackers may have retrieved confidential information from your servers.
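An added example (not the command from the answer above, and not code from Ubuntu or OpenSSL) of one way to find services that still need the restart the answer calls for: it looks for processes that still have the pre-upgrade libssl mapped, which the kernel marks as "(deleted)" in /proc/<pid>/maps. The function names and the optional PROC_ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find processes that still map the pre-upgrade libssl,
# i.e. were started before the package update and have not been restarted.

# A library replaced on disk while in use shows up in /proc/<pid>/maps
# with a trailing "(deleted)" marker.
STALE_RE='/libssl\.so[^ ]* \(deleted\)$'

# has_stale_libssl MAPS_FILE: succeeds if the maps file lists a deleted libssl.
# Unreadable or vanished files (other users' processes, exited PIDs) count as "no".
has_stale_libssl() {
    grep -Eq "$STALE_RE" "$1" 2>/dev/null
}

# stale_libssl_pids [PROC_ROOT]: print matching PIDs, one per line, sorted.
# PROC_ROOT is an assumption added so the scan can be pointed at a test tree;
# it defaults to /proc.
stale_libssl_pids() {
    for maps in "${1:-/proc}"/[0-9]*/maps; do
        if has_stale_libssl "$maps"; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done | sort -n
}

# report [PROC_ROOT]: PID and command name of each process needing a restart.
report() {
    for pid in $(stale_libssl_pids "${1:-/proc}"); do
        name=$(cat "${1:-/proc}/$pid/comm" 2>/dev/null || echo '?')
        printf '%s\t%s\n' "$pid" "$name"
    done
}

# Run as root so every process's maps file is readable.
report "${1:-/proc}"
```

An empty report after the upgrade and service restarts means no running process is still using the old library file.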