I'm having ubuntu 14.04.4(server) with open ssl version 1.0.1f version. AM i vulnerable to heartbleed?

Question

I'm having ubuntu 14.04.4(server) with open ssl version 1.0.1f version

openssl: 1.0.1f 6 jan 2014
built on  mon feb 29 18:11:15 UTC 2016
platform: debian-amd64

What i need to know is that am i vulnerable to heartbleed? do ubuntu 14.04 has hearbleed fix? last but not the least the ubuntu package 2.18 and 2.16 vulnerable to heartbleed?

see http://askubuntu.com/questions/450151/is-ubuntu-14-04-secure-against-heart-bleed-bug and http://askubuntu.com/questions/444702/how-to-patch-the-heartbleed-bug-cve-2014-0160-in-openssl — Rinzwind, Mar 28 '16 at 15:13
the link that u shared has open ssl (1.0.1f-1ubuntu2) mine is just openssl: 1.0.1f . iam still confused . correct me if iam wrong here — weird 10, Mar 28 '16 at 15:17

cybea · Answer 1 · 2016-03-28T15:45:58.247

1

openssl version -a

If your build is older than April 7 2014 it may be vulnerable (from https://blog.pay4bugs.com/2014/04/08/howto-update-ubuntu-to-fix-heartbleed-ssl-bug/)

Your build is from feb 29 2016 - so not vulnerable

If you want to know the overall quality of your certificate and it is available from internet - check:

https://www.ssllabs.com/ssltest/index.html

edited Mar 28 '16 at 15:45

answered Mar 28 '16 at 15:29

cybea

89
5

Don't trust this on its own - Ubuntu OpenSSL versions get patched so the "build" version there may already be fixed but the "build date" not updated on the binary itself – Thomas Ward Nov 11 '16 at 13:54

I'm having ubuntu 14.04.4(server) with open ssl version 1.0.1f version. AM i vulnerable to heartbleed?

1 Answers1