Heartbleed openssl from 1.0.1 to 1.0.1g vulnerability
Steve Riley
steve at rileyz.net
Wed Apr 9 17:34:46 UTC 2014
On 2014-04-09 at 05:39, Gene Heskett <gheskett at wdtv.com> wrote:
>
> Well, as I read the CVE, the vulnerability started with 1.0.1, but my
> installed version is 0.9.8f or so. Perhaps that version is not
> susceptible?
We're sorting through this were I work. The text of the CVE is:
"The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g..."
0.9.8f is not vulnerable, because that's an earlier version than 1.0.1. Only 1.0.1, and only before 1.0.1g, are vulnerable and require patches.
...Steve
More information about the kubuntu-users
mailing list