In a hurry? See my question under the --------------- line.

I follow Falko Timme's Twitter feed and am glad I do, even though I'm an end user of Ubuntu. Today, Mr. Timme warned of an attack vector to #Openssl #Heartbleed #vulnerability.

I opened the link "How To Find Out If Your Server Is Affected" and, even though I cannot recall ever installing something named OpenSSL, I was surprised to see that this package is installed on my home desktop box, which, AFAIK, does NOT serve anything whatsoever.

To be safe, I ran:

    sudo apt-get update
    sudo apt-get upgrade

and then had a look at the version:

    openssl version
    mark@Lexington:~$ dpkg-query -l 'openssl'
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name           Version        Description
    ii  openssl        1.0.1-4ubuntu5 Secure Socket Layer (SSL) binary and related

As Mr. Timme's SourceForge page specified, "your server might be vulnerable as the version is below 1.0.1g." I cannot understand what package I have installed, as the return from dpkg shows only 4ubuntu5 and not the alphabet revision. I'm frankly worried my computer may be vulnerable.

I have also read these pages relevant to this attack vector:

USN-2165-1: OpenSSL vulnerabilities


I don't want to upgrade from Ubuntu Ver. 12.04 LTS (Precise Pangolin) until the whole Ubuntu community does (I'm a computer follower, not a leader), so:


What package of OpenSSL is installed on my computer? Is it a package that is vulnerable? If it is vulnerable, is there a fix other than upgrading from 12.04?