How to patch the Vulnerability [CVE-2014-0224] in OpenSSL?

1. Make sure you have a currently supported release: 10.04-server, 12.04, 14.04 or 13.10.

   ~$ lsb_release -a
   No LSB modules are available.
   Distributor ID: Ubuntu
   Description:    Ubuntu 12.04.4 LTS
   Release:    12.04
   Codename:   precise
   

2. Make sure you install the latest updates. sudo apt-get update && sudo apt-get upgrade

3. Verify. apt-cache policy openssl should show as installed version 1.0.1-4ubuntu5.14.

   apt-cache policy openssl
   openssl:
     Installed: 1.0.1-4ubuntu5.14
     Candidate: 1.0.1-4ubuntu5.14
     Version table:
    *** 1.0.1-4ubuntu5.14 0
           500 http://archive.ubuntu.com/ubuntu/ precise/main i386 Packages
           500 http://archive.ubuntu.com/ubuntu/ precise-security/main i386 Packages
           500 http://archive.ubuntu.com/ubuntu/ precise-updates/main i386 Packages
           100 /var/lib/dpkg/status
   

4. Restart any services or the system just to be sure.

The answer given does not answer the question, and as far as the latest package for x86_64 14.04 the latest openssl package info is (if others have dif please let me know):

openssl:
  Installed: 1.0.1f-1ubuntu2.3
  Candidate: 1.0.1f-1ubuntu2.3
  Version table:
 *** 1.0.1f-1ubuntu2.3 0
        500 mirror://mirrors.ubuntu.com/mirrors.txt/ trusty-updates/main amd64 Packages
        500 mirror://mirrors.ubuntu.com/mirrors.txt/ trusty-security/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0.1f-1ubuntu2 0
        500 mirror://mirrors.ubuntu.com/mirrors.txt/ trusty/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

I have been messing around with installing/upgrading that to version 1.0.1h from HERE with no luck yet, when I make some headway I will check back in.

*****UPDATE: So I found the solution on another thread that just needed to be updated (source post listed below):**

Below the single command line to compiling and install the last openssl version.

curl https://www.openssl.org/source/openssl-1.0.1h.tar.gz | tar xz && cd openssl-1.0.1h && sudo ./config && sudo make && sudo make install

Replace old openssl binary file by the new one via a symlink. Go to /usr/bin in terminal and run command below

sudo ln -sf /usr/local/ssl/bin/openssl `which openssl`

Reboot and you are good to go. You may want/need to create new certificates. Here is the original thread/post I updated. SOURCE

My output after running commands and rebooting:

OpenSSL 1.0.1h 5 Jun 2014
built on: Sat Jun 14 22:43:13 EDT 2014
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/lib/ssl"

The vulnerability affects OpenSSL clients. Clients using OpenSSL versions below 1.0.1 connecting to servers running OpenSSL versions 1.0.1 and higher are vulnerable and should be updated.

The OpenSSL team has released a new versions.

The only way to fix it is to install updated OpenSSL packages and restart affected services. At this time, this doesn't cause certificate or private key information leaking.

For more information see here