Checking that you have an up-to-date version of OpenSSL installed is not as simple as you might think, especially if you installed it via a package manager such as Apt. The reason is that the version numbers of the installed packages don't always match the OpenSSL release versions.

For example, I want to make sure I have at least `1.0.1t` installed, but ssh-ing onto the server and running `openssl version` tells me it's `1.0.1f`. No problem, I just run `sudo apt-get update` and then `sudo apt-get install openssl` to upgrade to the latest version, but apt tells me I already have the latest version installed.

Apt isn't lying: the packages follow a different revision scheme. This is due to 'backpatching' by the package maintainers, who apply the security fix to the package's existing upstream version rather than moving to the new OpenSSL release, so the reported version stays at `1.0.1f` even though the fix is present (see https://superuser.com/questions/740418/determine-effective-security-version-when-faced-with-backpatching). The solution is to run `apt-get changelog openssl` to review the changelog and verify that the security fix you see on https://www.openssl.org is included in the package.
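The check described above, as an added shell example that is not part of the original post: instead of trusting the version string, it searches the package changelog for the CVE identifier from the OpenSSL advisory and reads the package revision from the changelog header. The changelog text embedded here is a constructed sample, the CVE ids in it are placeholders, and `check_installed_openssl` is a hypothetical wrapper that runs the same check against the real `apt-get changelog` output.

```shell
#!/bin/sh
# Added example (not from the original post). Verifies that a security fix is
# listed in the Debian/Ubuntu package changelog, which is what the post
# recommends instead of relying on `openssl version` alone.

# Returns 0 if the changelog read from stdin mentions the given CVE id.
# The token boundaries keep CVE-0000-0001 from matching CVE-0000-00010.
changelog_has_fix() {
    cve="$1"
    grep -qiE "(^|[^0-9])${cve}([^0-9]|$)"
}

# Prints the package revision from the first changelog entry, e.g.
# "openssl (1.0.1f-1ubuntu2.19) trusty-security; ..." -> 1.0.1f-1ubuntu2.19
changelog_package_version() {
    sed -n '1s/^[^ ]* (\([^)]*\)).*/\1/p'
}

# Constructed sample changelog (NOT a real OpenSSL changelog; CVE ids are
# placeholders). Note the upstream version stays at 1.0.1f across revisions.
SAMPLE_CHANGELOG='openssl (1.0.1f-1ubuntu2.19) trusty-security; urgency=medium

  * SECURITY UPDATE: placeholder entry for illustration only
    - debian/patches/CVE-0000-0001.patch: backported fix
    - CVE-0000-0001

 -- Example Maintainer <maintainer@example.invalid>  Tue, 03 May 2016 10:00:00 -0400

openssl (1.0.1f-1ubuntu2.18) trusty-security; urgency=medium

  * SECURITY UPDATE: placeholder entry for illustration only
    - CVE-0000-0002

 -- Example Maintainer <maintainer@example.invalid>  Mon, 02 May 2016 10:00:00 -0400'

# Hypothetical wrapper for a real host: requires apt and network access.
# Substitute the CVE id from the advisory on openssl.org.
check_installed_openssl() {
    cve="$1"
    echo "openssl binary reports: $(openssl version 2>/dev/null || echo 'not found')"
    if apt-get changelog openssl | changelog_has_fix "$cve"; then
        echo "$cve is listed in the openssl package changelog"
    else
        echo "$cve NOT found in the changelog; verify manually"
    fi
}

# Demonstration on the constructed sample (runs offline).
echo "package revision: $(printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_package_version)"
for cve in CVE-0000-0001 CVE-0000-0003; do
    if printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_has_fix "$cve"; then
        echo "$cve: fix listed"
    else
        echo "$cve: not listed"
    fi
done
```

On a real server the equivalent is `apt-get changelog openssl | changelog_has_fix CVE-YYYY-NNNN`; a match shows the maintainers backpatched the fix into the package even though `openssl version` still reports the older upstream number, while no match means you should read the changelog yourself before concluding you are patched.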