What versions of the OpenSSL are affected?
Status of different versions:
– OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
– OpenSSL 1.0.1g is NOT vulnerable
– OpenSSL 1.0.0 branch is NOT vulnerable
– OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
How to manual upgrading OpenSSL on Debian6 & Directadmin.
OpenSSL 0.9.8c 05 Sep 2006
tar -xvzf openssl-1.1.1c.tar.gz
./config --prefix=/usr no-threads shared
OpenSSL 1.1.1c 28 May 2019
./build php d