On Ubuntu and Debian, you can update by typing:
sudo apt-get update
sudo apt-get dist-upgrade
If you only want to upgrade the affected packages, and not update the entire system (only recommended if you have reason to believe that upgrades to other components will break your system), you can selectively upgrade the OpenSSL packages by typing:
sudo apt-get install --only-upgrade openssl
sudo apt-get install --only-upgrade libssl1.0.0
This will upgrade the vulnerable packages while leaving the rest of your system in an un-upgraded state.
On CentOS and Fedora, you can type this to update the entire system:
yum update
If you wish to only upgrade the affected package, you can instead issue this command:
yum update openssl
Again, this is only recommended if you have a specific reason for not updating the complete system.
You should check your version of OpenSSL after you have updated your system. While OpenSSL version 1.0.1g is the official fix for this problem, the version that fixes it may vary between distributions and releases. Some releases and distributions patched their older versions to fix the problem, rather than releasing an entirely new version into an older, stable ecosystem. For this reason, it is best to check through your distribution's packaging system, since the openssl version command might not reflect the information we need.
Debian and Ubuntu Releases and Fix Versions
For Debian and Ubuntu systems, you get the current version of your OpenSSL package by typing:
dpkg -l | grep "openssl"
You should receive output like this:
ii openssl 1.0.1e-2+deb7u6 amd64 Secure Socket Layer (SSL) binary and related cryptographic tools
Compare the version reported in this output against the list of affected versions for the Heartbleed vulnerability on the official site. If the reported version is listed there as affected, update the OS or check that the OpenSSL package was updated properly.
CentOS and Fedora Releases and Fix Versions
For CentOS and Fedora systems, you can query the version of the OpenSSL package installed on your system by typing:
rpm -q -a | grep "openssl"
You should receive output that looks like this:
Compare the version reported in this output against the list of affected versions for the Heartbleed vulnerability on the official site. If the reported version is listed there as affected, update the OS or check that the OpenSSL package was updated properly.
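The package version only describes the files on disk; a daemon started before the upgrade keeps the old library mapped until it is restarted. The script below, an added example that is not part of the original page, lists such processes by looking for deleted libssl/libcrypto mappings in /proc/PID/maps; the function names and the sample map are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): find processes that still map
# an OpenSSL library whose file was replaced on disk by the upgrade.

# Constructed sample in /proc/PID/maps format, for trying the parser offline.
sample_maps() {
cat <<'EOF'
7f1c2a000000-7f1c2a056000 r-xp 00000000 08:01 393301 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a056000-7f1c2a256000 ---p 00056000 08:01 393301 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c29c00000-7f1c29db5000 r-xp 00000000 08:01 393299 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1c2b000000-7f1c2b1b5000 r-xp 00000000 08:01 393010 /lib/x86_64-linux-gnu/libc-2.13.so
EOF
}

# stale_ssl_maps [MAPS_FILE]   (reads standard input when no file is given)
# Prints each distinct libssl/libcrypto path that is mapped but deleted.
# Returns 0 if at least one was found, non-zero otherwise.
stale_ssl_maps() {
    awk '
        $NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "${1:--}"
}

# Scan every process the caller may inspect (run as root to see them all).
scan_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(stale_ssl_maps "$maps" 2>/dev/null) || continue
        printf 'PID %s (%s) needs a restart: %s\n' "$pid" \
            "$(cat "/proc/$pid/comm" 2>/dev/null)" \
            "$(echo "$libs" | tr '\n' ' ')"
    done
}

# "sh thisfile scan" runs the live scan; with no argument nothing is executed.
if [ "${1:-}" = "scan" ]; then scan_processes; fi
```

Any process it reports was started before the upgrade and has to be restarted before it uses the patched library.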
If you have purchased an SSL certificate from a provider and you have updated your OpenSSL packages on your server, you will need to revoke your old keys and you'll have to reissue new keys. This is a process known as "rekeying". This process is very dependent upon the SSL service that issued your initial certificate, but you should search their administration interface for an option that is similar to "rekey" or "reissue keys". Most SSL issuers will revoke your former key when you rekey, but you can usually also do this explicitly using their administrative interface. Follow the directions that your SSL provider gives you. They may give you very specific instructions for how to regenerate a CSR, or they may not.
If they do not provide you with the specific openssl commands that they would like you to use, you can generate your new SSL CSR by typing something like this. Again, add sudo if you are not root:
openssl req -new -newkey rsa:2048 -nodes -keyout hostname.key -out hostname.csr
You will need to copy your generated CSR into your provider's web interface after generation in order to rekey your server. You will then need to download the new certificate from the web interface.
You will have to install the new keys to the same location that your old keys and certificates were kept. The path that you'll need to use for your certificate and keys will vary by distribution and how you configured your web server. For instance, some are kept in /etc/ssl/certs while others may be kept in locations provided by your web server.
For example, if you are using the Apache web server, you should see a line in your main Apache configuration file, a virtualhost file, or a separately sourced configuration file that points to the location where it looks for your SSL information:
These may look different, but they should point you in the correct direction to find your SSL certificate location. When you are finished, you should restart your web server to use the new keys. The method of doing this will vary by distribution and server.
On Debian or Ubuntu, you can restart your web server by typing:
sudo service apache2 restart # For Apache web server
On CentOS or Fedora, you can restart by typing:
sudo service httpd restart # For Apache web server
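Before the restart puts the new files into service, it is worth confirming that the downloaded certificate belongs to the new private key and does not reuse the key pair of the old certificate. The script below is an added example, not part of the original page; the function names and the three file arguments are assumptions, and it relies only on the standard openssl pkey and x509 subcommands.

```sh
#!/bin/sh
# Added example (not from the original page): confirm that a reissued
# certificate was really rekeyed. File arguments are placeholders.

# Print the public key (PEM) that belongs to a private key file.
pub_from_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print the public key (PEM) embedded in a certificate.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_rekey OLD_CERT NEW_KEY NEW_CERT
# Prints a verdict and returns:
#   0  new certificate matches the new key and the old key pair is gone
#   1  new certificate does not belong to the given private key
#   2  new certificate carries the same public key as the old certificate
#   3  one of the files could not be read or parsed
check_rekey() {
    old_pub=$(pub_from_cert "$1")
    key_pub=$(pub_from_key "$2")
    new_pub=$(pub_from_cert "$3")
    if [ -z "$old_pub" ] || [ -z "$key_pub" ] || [ -z "$new_pub" ]; then
        echo "unreadable input"
        return 3
    fi
    if [ "$new_pub" != "$key_pub" ]; then
        echo "certificate does not match private key"
        return 1
    fi
    if [ "$new_pub" = "$old_pub" ]; then
        echo "old key pair still in use: reissued, not rekeyed"
        return 2
    fi
    echo "rekeyed: new certificate matches new key"
    return 0
}

# Usage: sh thisfile old.crt hostname.key new.crt
if [ "$#" -eq 3 ]; then check_rekey "$@"; fi
```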
Because of the widespread nature of this bug, there are other considerations that you should take into account as well. As a consumer of web services and sites, you should also react quickly to try to minimize the potential damage to your accounts and information.