I am trying to fix openssl heartbleed bug on my server. I read that I can update the openssl version with the following command:
sudo apt-get install openssl libssl1.0.0
But when i try to run this command i get error like this:
libssl-dev : Depends: libssl1.0.0 (= 1.0.1-4ubuntu5.10) but 1.0.1-4ubuntu5.17 is to be installed
redis-server : Depends: redis-tools (= 2:2.8.9-1chl1~precise1) but 2:2.8.12-1chl1~precise1 is to be installed
and it asks me to run 'apt-get -f install'. When i try to run this command it tries to remove the redis-server. I cannot remove redis-server as my web app needs it. This is the error i get:
The following packages will be REMOVED:
redis-server
The following held packages will be changed:
redis-server
Is there any way to fix the heartbleed without removing the redis-server. I tried to hold the package using:
sudo apt-mark hold redis-tools redis-server
It holds the package but when I try to run sudo apt-get -f install to fix the openssl issue it still tries to remove the redis-server with same message as above.
Please help. Is there a way to fix heartbleed without removing redis-server and without recompiling the openssl.