See Post #2, Post #11 and Post #15 - as the build date seems important - for when a patch was applied.
Your build date is in the second line
Quote:
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:31:43 UTC 2014
platform: debian-i386
All the affected versions are still running 1.0.1e, even on CentOS, so they probably just rebuild that version with the patch instead of upgrading to the newer version.
Again, dad2, read the earlier responses, particularly:
This means that even though 1.0.1e contained the heartbleed vulnerability when it was first released, the package maintainers have since applied a code patch which closes the vulnerability, and uploaded the patched binaries to the repository. As long as your build date is after this happened (on April 7) you're safe.
I suppose you could use this PPA: ppa:george-edison55/openssl-heartbleed-fix to update your openssl package.
I really have no clue if this would help end users; I did this since I run a development server which uses some SSL certs.
$ sudo add-apt-repository ppa:george-edison55/openssl-heartbleed-fix
$ sudo apt-get update
$ sudo apt-get upgrade
Done..
Hope this helps.
It's not necessary to use a PPA. The current repository version contains the patch.
Security patches are often "backported" and applied to the current release version of a package without a major version change. That's what happened here.
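Because a backported fix leaves the version string at 1.0.1e, the build-date rule from this thread can be checked mechanically. The script below is an added example, not part of any post here; the function names and verdict words are made up for illustration, the April 7, 2014 cutoff is the date given in the thread, and the 1.0.1 through 1.0.1f range is the upstream affected release range rather than something stated in the thread.

```sh
#!/bin/sh
# Added example, not from the thread: classify `openssl version -a` output.
CUTOFF=20140407   # assumption: the April 7, 2014 rebuild date given in the thread

# Print the "built on:" date as YYYYMMDD, or nothing if it cannot be parsed
# (some builds print no usable date on that line).
build_ymd() {
    awk '/^built on:/ {
        # fields: built on: Mon Apr 7 20:31:43 UTC 2014
        m = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $4) + 2) / 3
        if (length($4) == 3 && m == int(m) && $NF ~ /^[0-9][0-9][0-9][0-9]$/)
            printf "%04d%02d%02d\n", $NF, m, $5
        exit
    }'
}

# Read `openssl version -a` text on stdin and print one verdict word.
classify() {
    out=$(cat)
    ver=$(printf '%s\n' "$out" | awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    ymd=$(printf '%s\n' "$out" | build_ymd)
    case "$ver" in ""|*beta*) echo unknown; return ;; esac  # unparsed or pre-release
    case "${ver%%-*}" in                # ignore suffixes such as "-fips"
        1.0.1|1.0.1[a-f]) ;;            # upstream releases that shipped the bug
        *) echo version-not-affected; return ;;
    esac
    if [ -z "$ymd" ]; then
        echo unknown                    # affected version, no build date to judge by
    elif [ "$ymd" -ge "$CUTOFF" ]; then
        echo built-after-fix            # consistent with a backported patch
    else
        echo built-before-fix           # predates the patched distro build
    fi
}

# Demo on the output quoted in the thread; real use: openssl version -a | classify
printf '%s\n' 'OpenSSL 1.0.1e 11 Feb 2013' \
    'built on: Mon Apr 7 20:31:43 UTC 2014' \
    'platform: debian-i386' | classify
```

The verdict only carries weight for the distribution's own package; a locally compiled 1.0.1e can have a recent build date and still lack the patch.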
Hi,
As someone using Ubuntu and concerned about security I have of course tried to understand the true implications of Heartbleed. There's been a lot of hype and misinformation, so I was really pleased to come across a piece on Heartbleed that went a little deeper and explains what is really going on and suggests solutions:
https://vivaldi.net/blogs/entry/hear...-to-heartbreak
Merged two similar threads.