mihdan
7/9/2016 - 8:58 PM

Fix OpenSSL Padding Oracle vulnerability (CVE-2016-2107) - Ubuntu 14.04

Fix OpenSSL Padding Oracle vulnerability (CVE-2016-2107) - Ubuntu 14.04

# Based on http://fearby.com/article/update-openssl-on-a-digital-ocean-vm/

$ sudo apt-get update
$ sudo apt-get dist-upgrade

$ wget ftp://ftp.openssl.org/source/openssl-1.0.2h.tar.gz
$ tar -xvzf openssl-1.0.2h.tar.gz
$ cd openssl-1.0.2h
$ ./config --prefix=/usr/
$ make depend
$ sudo make install
$ openssl version
# OpenSSL 1.0.2h  3 May 2016

# now restart your nginx or other server
$ sudo service nginx restart

# check your website here https://www.ssllabs.com/ssltest/