Comment by josh-wrale
12 years ago
I would tread lightly here if you aren't comfortable with compiling. Rather than break your website, it might be better to take it down until your distro's packages are available.
You should probably spend your time investigating a good method of reissuing keys for when you get to a stable OpenSSL version.
Some apps have OpenSSL statically compiled into the binaries. Beware that what you think is fixed may not be.
Well, I'm not really in a position to take the whole service down at this moment; I would really like to have a way to patch it instead.
Depending on the distro on which you're based, you may find that making a new package from a source package (e.g. srpm) would be the safest route even if you're in a hurry.
If you're on Ubuntu, it would appear at least the updated base (OpenSSL itself) packages are now in the repos.
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-20...
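
One way to check the point raised above about apps with OpenSSL statically compiled in, as an added example that is not part of the original thread: OpenSSL builds carry a version banner, so a binary that contains the banner but never references `libssl.so` or `libcrypto.so` probably has its own copy that a distro package update will not touch. The `classify` and `scan` helpers, the verdict labels and the sample byte strings are constructed for illustration, and the string match is a heuristic, not proof.

```python
import re
import sys

# OpenSSL embeds its version banner in libcrypto, e.g. "OpenSSL 1.0.1f 6 Jan 2014";
# a statically linked application carries that banner inside its own binary.
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*) +\d{1,2} [A-Z][a-z]{2} \d{4}")
# Shared-library names as they appear in a binary's dynamic string table.
SHARED_REF = re.compile(rb"lib(?:ssl|crypto)\.so")


def classify(data: bytes) -> dict:
    """Heuristic (assumption): a banner with no libssl/libcrypto reference
    suggests a private, statically linked copy of OpenSSL."""
    versions = sorted({m.group(1).decode() for m in BANNER.finditer(data)})
    uses_shared = bool(SHARED_REF.search(data))
    if versions and not uses_shared:
        verdict = "static-copy"              # rebuild or replace this binary
    elif versions:
        verdict = "shared-library-or-mixed"  # libcrypto itself, or an app that also embeds the text
    elif uses_shared:
        verdict = "dynamic"                  # fixed by updating the distro package, then restarting
    else:
        verdict = "no-openssl-seen"
    return {"versions": versions, "verdict": verdict}


def scan(paths):
    """Classify each file; unreadable files are reported, not skipped."""
    results = {}
    for path in paths:
        try:
            with open(path, "rb") as fh:
                results[path] = classify(fh.read())
        except OSError as exc:
            results[path] = {"versions": [], "verdict": "unreadable: %s" % exc}
    return results


# Constructed sample byte strings standing in for real binaries.
SAMPLE_STATIC = b"\x7fELF\x00AES part of OpenSSL 1.0.1f 6 Jan 2014\x00OpenSSL 1.0.1f 6 Jan 2014\x00"
SAMPLE_DYNAMIC = b"\x7fELF\x00libssl.so.1.0.0\x00libcrypto.so.1.0.0\x00SSL_connect\x00"
SAMPLE_LIBRARY = b"\x7fELF\x00libcrypto.so.1.0.0\x00OpenSSL 1.0.1g 7 Apr 2014\x00"

if __name__ == "__main__":
    for path, info in scan(sys.argv[1:]).items():
        print(path, info["verdict"], ",".join(info["versions"]))
```

Run it over the directories that hold your server binaries and compare any reported version with the fixed release your distro ships; a dynamically linked process still has to be restarted after the package update to load the new library.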