OpenSSL is one of the most ubiquitous components in a secure network environment. In fact, chances are good that if you accessed the Internet today your browser communicated with a number of servers running OpenSSL. Today, an announcement was made describing a critical flaw in the OpenSSL source code.
According to heartbleed.com (which goes into quite a bit of detail):
The Heartbleed bug ... allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
What does this mean? If you are viewing a website that encrypts traffic (look for the
https:// protocol in the address bar), it may be possible under certain conditions for an attacker to obtain the remote server's private key and decrypt content exchanged between you and the website you are viewing.
Update: Ubuntu has issued a USN containing updated packages for Ubuntu 14.04, 13.10, 12.10, and 12.04. In other words, check for updates and install them.
This bug has now been fixed and a new version of OpenSSL released (v1.0.1g). Unfortunately this hasn't hit the archives yet, so if you are really in desperate need of a patched copy of the library, do not despair!
We have a PPA:
Currently, we have packages for the following series:
You can install everything with the following three commands:
sudo add-apt-repository ppa:george-edison55/openssl-heartbleed-fix sudo apt-get update sudo apt-get upgrade
Now you can breathe a sigh of relief.
If you are running into errors running "add-apt-repository" on Ubuntu 12.04, install the "python-software-properties" package with the following command and try again:
sudo apt-get install python-software-properties
Download the official 2buntu app for both Android and Ubuntu Touch.