I read Kenton Warda's post that the exploit in SSL in most Linux OS's have been patched. Has Ubuntu been patched? What should I avoid doing if it isn't?
Asked
Active
Viewed 79 times
2 Answers
1
The Exploit is in OpenSSL - www.heartbleed.com has a lot of the correct information out there.
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
So it all depends on your current version
Loki
- 66
-
www.heartbleed.com says "1.0.1g or newer should be used", but Ubuntu suggests 1.0.1e-3ubuntu1.2 is fine. – Sparhawk Apr 10 '14 at 01:36
1
There seems to be a lot of people worried about this. I didn't noticed any update but you can test your server here.
Not sure how reliable it is, but it's an open source project so maybe somebody can check it out. Just to point out I didn't do any manual upgrade or anything, just the normal updates from the official repositories.
animaletdesequia
- 8,354