
I recently heard about some vulnerability in older versions of OpenSSL, i.e. before 1.1.1i.

I checked my servers and found that most have either 1.1.0l or 1.1.1f. The recommended update version was 1.1.1i.

I checked for Ubuntu DEB packages for 1.1.1i and found no mention on the Ubuntu site. On the Debian site, version 1.1.1i-1 is in Testing and 1.1.1i-2 is in the Unstable stage.

I found there is an official TAR package from OpenSSL: https://www.openssl.org/source/openssl-1.1.1i.tar.gz

If I install the TAR file, would it cause problems for any other Ubuntu software dependent on the OpenSSL Ubuntu package? I know that by installing the TAR file I have to handle future updates/upgrades manually.

Should I install or upgrade 1.1.1i from the TAR file only or wait for Ubuntu to release the update for 1.1.1i?

  • "Some vulnerability" is too vague. All disclosed vulnerabilities have a CVE number. Specify the CVE that you are worried about. Better yet, check the CVE database at http://www.ubuntu.com/security to see if the CVE is relevant to your release of Ubuntu, and/or the status of work to mitigate the vulnerability. – user535733 Jan 20 '21 at 04:42
  • What is your version of Ubuntu? – David Jan 20 '21 at 06:51

0 Answers