Patched OpenSSL for the Heartbleed Bug

Phil Wyett aura.yoda at gmail.com
Wed Apr 9 15:23:12 UTC 2014


On Wed, 2014-04-09 at 20:32 +0530, Shenal Silva wrote:
> Hi All,
> As most of you will know, a serious vulnerability called the "Heartbleed"
> bug has been discovered and the vulnerable version (OpenSSL 1.0.1f 6
> Jan 2014) is the version still in the repositories. Can someone look
> into updating the repositories with the patched version (1.0.0g)? It
> would be really good.
> Regards,
> Shenal Silva,
> Mobile:+94718670210
>           +94786903735
> Skype:shenal777

Updates for supported releases: http://www.ubuntu.com/usn/usn-2165-1/

Trusty aka what will be 14.04:

openssl (1.0.1f-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

Date: Mon, 07 Apr 2014 15:37:53 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>

Regards

Phil

-- 

Phil Wyett
{
    GNU Linux User and Developer
    Leigh GNU Linux User Group (http://leigh.lug.org.uk)
    IRC: philwyett
    Twitter: philwyett and leigh_lug
}