The Heartbleed bug found in OpenSSL needs addressing if you are using OpenSSL to generate TLS keys for HTTPS or FTPS in particular. Upgrading OpenSSL on Ubuntu is not just a matter of running ‘apt-get upgrade’ – this does not get the latest patched version. I found the answer was to install the openssl libssl-dev package. For more info see:
Once installed I checked openssl and got the following info:
user@myserver:~# openssl version -a OpenSSL 1.0.1 14 Mar 2012 built on: Mon Apr 7 20:33:29 UTC 2014 platform: debian-amd64
The important bit is ‘built on:’ – it should be April 7th or later.
It’s probably wise to make new TLS keys to replace any that may already be compromised.