Question

I ran apt-get install openssl

and verified that the new version .1g is installed

root@nyc2-04-www:~# apt-cache policy openssl
openssl:
  Installed: 1.0.1g-1
  Candidate: 1.0.1g-2
  Version table:
     1.0.1g-2 0
        500 http://http.debian.net/debian/ sid/main amd64 Packages
 *** 1.0.1g-1 0
        100 /var/lib/dpkg/status
     1.0.1e-2+deb7u6 0
        500 http://security.debian.org/ wheezy/updates/main amd64 Packages
     1.0.1e-2+deb7u4 0
        500 http://ftp.us.debian.org/debian/ wheezy/main amd64 Packages
        500 http://http.debian.net/debian/ wheezy/main amd64 Packages

However, I notice that even though the new openssl is installed, my servers are still vulnerable unless I do a full apt-get upgrade

See here: http://filippo.io/Heartbleed/#www.uat.phantomjscloud.com

How can I avoid doing the full apt-get upgrade, but ensure the new openssl is being used?

FYI I did verify that doing apt-get upgrade will fix heartbleed (I did that in my production server). But I'm curious as to why updating openssl isn't good enough.

FYI I am using nginx. I also did apt-get install nginx afterwards, but that didn't resolve the issue either.

UPDATE: running openssl version -a shows that 1.0.1f is still active, even after reboot.


Solution

apt-get install libssl1.0.0 fixes the problem
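The following script is an added example, not code from the question or the answer above. It illustrates the point behind the answer: on Debian the `openssl` package ships only the command-line tool, while nginx (and the `openssl` binary itself, whose `openssl version` string comes from the shared library) load libssl and libcrypto from the `libssl1.0.0` package. It also covers the related caveat that a running process keeps the copy of the library it mapped at start-up until it is restarted, which the kernel exposes by marking the mapping "(deleted)" in /proc/<pid>/maps once the package upgrade replaces the file on disk. Package name, library paths and the sample maps content are assumptions modelled on Debian wheezy; the sample data is constructed for offline use.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Checks which libssl/libcrypto shared objects a process has mapped, whether
# those mappings are stale (file replaced on disk after the process started),
# and which version of the libssl1.0.0 package is installed.
# Assumed names/paths are Debian wheezy ones (libssl1.0.0, /proc/<pid>/maps).

# Print the distinct libssl/libcrypto shared objects mapped in a maps file.
# $1: path to a /proc/<pid>/maps file (or a constructed copy, see below).
mapped_ssl_libs() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ { print $6 }' "$1" | sort -u
}

# True (exit 0) if a mapped libssl/libcrypto file was replaced on disk after
# the process started; the kernel marks such mappings "(deleted)". This is the
# state of a still-running nginx right after the libssl1.0.0 package upgrade.
has_stale_ssl_lib() {
    awk '$6 ~ /\/lib(ssl|crypto)\.so/ && $7 == "(deleted)" { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Installed version of the library package (the one the answer updates), as
# opposed to the `openssl` package, which only ships the command-line tool.
installed_libssl_version() {
    dpkg-query -W -f '${Version}\n' libssl1.0.0 2>/dev/null
}

# Scan every readable process for stale SSL mappings and name the offenders.
# Reading other users' maps files needs root.
report_stale_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if has_stale_ssl_lib "$maps" 2>/dev/null; then
            printf '%s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)"
        fi
    done
}

# Constructed sample maps content for offline testing: "stale" mimics an nginx
# still running the pre-upgrade library, "fresh" one that has been restarted.
make_sample_maps() {
    f=$(mktemp)
    suffix=""
    if [ "$1" = "stale" ]; then
        suffix=" (deleted)"
    fi
    cat >"$f" <<EOF
7f2b1c000000-7f2b1c1b5000 r-xp 00000000 08:01 1048871 /lib/x86_64-linux-gnu/libc-2.13.so
7f2b1c3d0000-7f2b1c42f000 r-xp 00000000 08:01 1052019 /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0$suffix
7f2b1c630000-7f2b1c7e2000 r-xp 00000000 08:01 1052021 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0$suffix
7f2b1c9f0000-7f2b1ca11000 rw-p 00000000 00:00 0 [heap]
EOF
    printf '%s\n' "$f"
}

# Usage when run directly with --scan: show the library package version, then
# the processes that still have the old copy mapped (restart those, e.g.
# `service nginx restart`, for the new library to take effect).
if [ "${1:-}" = "--scan" ]; then
    echo "libssl1.0.0: $(installed_libssl_version)"
    report_stale_processes
fi
```

Run it as root with `--scan` after `apt-get install libssl1.0.0`; any process it lists is still executing the old library code regardless of what `dpkg` reports, and a fresh `openssl version -a` will only show 1.0.1g once the new library is the one being loaded.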

Licensed under: CC-BY-SA with attribution