OpenSSL Server Heartbeat or Heartbleed vulnerability
In a hurry? See my question under the --------------- line.
I follow Falko Timme's Twitter feed and am glad I do, even though I'm an end user of Ubuntu. Today, Mr. Timme warned of an attack vector to #Openssl #Heartbleed #vulnerability.
I opened the link "How To Find Out If Your Server Is Affected" and, even though I cannot recall ever installing something named OpenSSL, I was surprised to see that this package is installed on my home desktop box, which, AFAIK, does NOT serve anything whatsoever.
To be safe, I ran:
and then had a look at the version:
As Mr. Timme's SourceForge page specified "your server might be vulnerable as the version is below 1.0.1g," and I cannot understand what package I have installed, as the return from dpkg shows only 4ubuntu5 and not the alphabet revision, I'm frankly worried my computer may be vulnerable.
mark@Lexington:~$ dpkg-query -l 'openssl'
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Description
ii openssl 1.0.1-4ubuntu5 Secure Socket Layer (SSL) binary and related
I have also read these pages relevant to this attack vector:
USN-2165-1: OpenSSL vulnerabilities
I don't want to upgrade from Ubuntu Ver. 12.04 LTS (Precise Pangolin) until the whole Ubuntu community does (I'm a computer follower, not a leader), so:
What package of OpenSSL is installed on my computer? Is it a package that is vulnerable? If it is vulnerable, is there a fix other than upgrading from 12.04?
AMD Athlon II X4 620, 4gig ddr2-800, m/b MSI K9N6PGM2, 1T SATA, EVGA 9500GT, Brother MFC-240C prntr, LG DVD-rom GSA-H55N