2

This is a new question after I saw the answer at "How to patch the Heartbleed bug (CVE-2014-0160) in OpenSSL?".

I have a vServer with Ubuntu 12.04LTS. Because of the Heartbleed-Bug in OpenSSL1.0.1 I upgraded all possible packages on my vServer. dpkg -l | grep openssl says:

ii  openssl    1.0.1-4ubuntu5.12    Secure Socket Layer (SSL) binary and related cryptographic tools

I rebooted the vServer, created new certificates and rebooted the server again, but the self test says the server is vulnerable.

Where is my fault?

Community
  • 1
cyper
  • 121
  • 1
  • 3
  • The output says that you have the path. The "selftest" algorithm could be wrong, not your system. – Lucio Apr 08 '14 at 18:01
  • Have you updated libssl1.0.0? That's the actual library that other applications like apache2, nginx or postfix use. – tnj Apr 10 '14 at 10:21
  • I upgrade all packages on the server. – cyper Apr 15 '14 at 23:02
  • That is answered in the question you referenced. I have also provided a more detailed answer to: http://askubuntu.com/questions/450076/openssl-remains-vulnerable-after-update-to-14-04 – david6 Apr 18 '14 at 22:21

0 Answers0