Ubuntu – Patch OpenSSL CVE-2014-0160 on ubuntu 12.04

opensslSecurity

NO, this is not a duplicate of How to patch the Heartbleed bug (CVE-2014-0160) in OpenSSL?. So, read on.

I am seeing conflicting information with respect to Ubuntu 12.04:

  1. The Heartbleed page claims Ubuntu 12.04 to be affected and needs to be patched with 1.0.1g
  2. The Ubuntu Security Notice USN-2165-1 claims that version 1.0.1-4ubuntu5.12 for the package libssl1.0.0 should fix the issue on Ubuntu 12.04.

Now I do have these packages installed:

# dpkg -l | grep ssl
ii  libssl1.0.0                      1.0.1-4ubuntu5.10                 SSL shared libraries
ii  openssl                          1.0.1-4ubuntu5.10                 Secure Socket Layer (SSL) binary and related cryptographic tools

# lsb_release  -a | grep -i description
Description:    Ubuntu 12.04.3 LTS

So, If I consider above two points, I am not sure which one is true.

Besides, this Heartbleed test page says that my machine is vulnerable.

Has anyone yet been able to fix this issue successfully on Ubuntu 12.04? If yes, then could you provide me the steps you have taken?

Best Answer

Why don't you update? If Ubuntu says you need 5.12, and that heartbleed site says you're vulnerable, what's the problem?

I have the following installed, which was updated yesterday or today on my machine. 

ii  openssl                                  1.0.1-4ubuntu5.12
Related Question