See Post #2, Post #11 and Post #15 - as the build date seems important - for when a patch was applied.
Your build date is in the second line
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:31:43 UTC 2014
platform: debian-i386
Ubuntu addict and loving it
See Post #2, Post #11 and Post #15 - as the build date seems important - for when a patch was applied.
Your build date is in the second line
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:31:43 UTC 2014
platform: debian-i386
First Cup of Ubuntu
Good advice but what has confused me is this from post #1Originally Posted by 23dornot23d
Affected versions: OpenSSL versions from 1.0.1 to 1.0.1f.
The vulnerability has been fixed in OpenSSL 1.0.1g.
What are you planning?
All the affected versions are still running 1.0.1e, even on CentOS, so they probably just rebuild that version with the patch instead of upgrading to the newer version.
Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide
Tomorrow's an illusion and yesterday's a dream, today is a solution...
Just Give Me the Beans!
Again, dad2, read the earlier responses, particularly:
This means that even though 1.0.1e contained the heartbleed vulnerability when it was first released, the package maintainers have since applied a code patch which closes the vulnerability, and uploaded the patched binaries to the repository. As long as your build date is after this happened (on April 7) you're safe.
First Cup of Ubuntu
I suppose you could use this PPA: ppa:george-edison55/openssl-heartbleed-fix to update your openssl package.
I really have no clue if this would help end users, I did this since i run a development server which uses some SSL certs.
$ sudo apt-add-ppa-repository ppa:george-edison55/openssl-heartbleed-fix
$ sudo apt-get update
$ sudo apt-get upgrade
Done..
Hope this helps.
Ubuntu addict and loving it
It's not necessary to use a PPA. The current repository version contains the patch.
Security patches are often "backported" and applied to the current release version of a package without a major version change. That's what happened here.
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
Frothy Coffee!
Hi,
As someone using Ubuntu and concerned about security I have of course tried to understand the true implications of Heartbleed. There's been a lot of hype and misinformation, so I was really pleased to come across a piece on Hearbleed that went a little deeper and explains what is really going on and suggest solutions:
https://vivaldi.net/blogs/entry/hear...-to-heartbreak
Caffeine Fueled
Merged two similar threads.
Posting Permissions
Adv Reply
Bookmarks