14.04 LTS brings OpenSSL 1.0.1.f .... heartbleed !
BONNET, Frank
frank.bonnet at esiee.fr
Thu Apr 17 14:43:34 UTC 2014
OK thanks for the quick answer :-)
*Frank BONNET*
Systemes UNIX et Reseaux
ESIEE PARIS
01.45.92.66.17 - 06.70.37.37.69
2014-04-17 16:20 GMT+02:00 Marc Deslauriers <marcdeslauriers at videotron.ca>:
> On 14-04-17 10:17 AM, BONNET, Frank wrote:
>
>
> Just installed 14.04 LTS and check the openssl version !!!
>
> OpenSSL> version
> OpenSSL 1.0.1f 6 Jan 2014
> OpenSSL>
>
>
> The openssl package version 1.0.1f-1ubuntu2 contains a backported fix for
> heartbleed. 14.04 LTS is not vulnerable.
>
> From the changelog:
>
> openssl (1.0.1f-1ubuntu2) trusty; urgency=medium
>
> * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
> - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
> crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
> util/libeay.num.
> - CVE-2014-0076
> * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
> - debian/patches/CVE-2014-0160.patch: use correct lengths in
> ssl/d1_both.c, ssl/t1_lib.c.
> - CVE-2014-0160
>
> -- Marc Deslauriers <marc.deslauriers at ubuntu.com <https://launchpad.net/%7Emdeslaur>> Mon, 07 Apr 2014 15:37:53 -0400
>
>
> Marc.
>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140417/2fb3c340/attachment.html>
More information about the ubuntu-users
mailing list