Patched OpenSSL for the Heartbleed Bug

Phil Wyett aura.yoda at gmail.com
Wed Apr 9 18:40:51 UTC 2014 

On Wed, 2014-04-09 at 23:48 +0530, Shenal Silva wrote:
> Thanx Phil for your prompt reply . 
> So long story short security update for Trusty Tahr (14.04) Beta users
> won't be available anytime soon is it ??
> 
> Regards,
> Shenal Silva,
> Mobile:+94718670210
>           +94786903735
> Skype:shenal777
> 
> 
> On 9 April 2014 20:53, Phil Wyett <aura.yoda at gmail.com> wrote:
>         On Wed, 2014-04-09 at 20:32 +0530, Shenal Silva wrote:
>         > Hi All,
>         > As most of you'll know A serious vulnerability called the
>         "Hearbleed"
>         > bug has been discovered and the vulnerable version (OpenSSL
>         1.0.1f 6
>         > Jan 2014) is the version still in the repositories. Can
>         someone look
>         > into updating the repositories with the patched version
>         (1.0.0g) it
>         > would be really good
>         > Regards,
>         > Regards,
>         > Shenal Silva,
>         > Mobile:+94718670210
>         >           +94786903735
>         > Skype:shenal777
>         
>         
>         Updates for supported releases:
>         http://www.ubuntu.com/usn/usn-2165-1/
>         
>         Trusty aka what will be 14.04:
>         
>         openssl (1.0.1f-1ubuntu2) trusty; urgency=medium
>         
>           * SECURITY UPDATE: side-channel attack on Montgomery ladder
>         implementation
>             - debian/patches/CVE-2014-0076.patch: add and use constant
>         time swap
>         in
>               crypto/bn/bn.h, crypto/bn/bn_lib.c,
>         crypto/ec/ec2_mult.c,
>               util/libeay.num.
>             - CVE-2014-0076
>           * SECURITY UPDATE: memory disclosure in TLS heartbeat
>         extension
>             - debian/patches/CVE-2014-0160.patch: use correct lengths
>         in
>               ssl/d1_both.c, ssl/t1_lib.c.
>             - CVE-2014-0160
>         
>         Date: Mon, 07 Apr 2014 15:37:53 -0400
>         Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
>         
>         Regards
>         
>         Phil
>         
>         --
>         
>         Phil Wyett
>         {
>             GNU Linux User and Developer
>             Leigh GNU Linux User Group (http://leigh.lug.org.uk)
>             IRC: philwyett
>             Twitter: philwyett and leigh_lug
>         }
>         
>         --
>         Ubuntu-GNOME mailing list
>         Ubuntu-GNOME at lists.ubuntu.com
>         Modify settings or unsubscribe at:
>         https://lists.ubuntu.com/mailman/listinfo/ubuntu-gnome
>         
> 
> 

The updated and fixed '1.0.1f-1ubuntu2' package is on the servers now
and an upgrade will pull it in and install it.

To check which version is install do (in terminal):

dpkg -s openssl

Regards

Phil

-- 

Phil Wyett
{
    GNU Linux User and Developer
    Leigh GNU Linux User Group (http://leigh.lug.org.uk)
    IRC: philwyett
    Twitter: philwyett and leigh_lug
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-gnome/attachments/20140409/6253dcac/attachment-0001.pgp>

More information about the Ubuntu-GNOME mailing list