I tried fixing the heartbleed bug on my debian installation.
Most of the websites suggest, that updating to the newest Openssl release
fixes the problem.
Howevery, an "apt-get install openssl" did not fix the problem.
The test website http://filippo.io/Heartbleed/ said - still vulnerable, although
the newest openssl release was fetched by the apt command.
I found a more thoroughly explanation of a possible fix at:
But this also does not tell explicitly, which package to update...
Therefore I tell you which one: libssl1.0.0 does the trick...
apt-get install libssl1.0.0
An apt-get update may be wise to get the latest package infos before doing this.
Heise has also an interesting article about the bug at
However, only in german.
Don't forget that if you have been vulnerable, the keyset (public, private), the
certificate and the passwords should be changed.