When will openssl be updated for the various Ubuntu LTS and non-LTS versions?

Asked by mcandre on 2014-04-15

Since openssl 1.0.1 through 1.0.1f are compromised (http://en.wikipedia.org/wiki/Heartbleed#Affected_OpenSSL_installations), I'm curious why Ubuntu packages have been slow to update to a safe (1.0.1g) version.

Compare latest available openssl versions for Debian:

https://packages.debian.org/search?keywords=openssl

with Ubuntu:

http://packages.ubuntu.com/search?keywords=openssl&searchon=names

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Last query:
2014-04-15
Last reply:
2014-04-15
Warren Hill (warren-hill) said : #1

http://www.ubuntu.com/usn/usn-2165-1/

and here

http://askubuntu.com/questions/444702/how-to-patch-the-heartbleed-bug-cve-2014-0160-in-openssl

It's fixed in all supported versions of Ubuntu.

It may still be a problem in unsupported (end of life) versions and where it is it won't be fixed. But if your using an unsupported version upgrade.

Can you help with this problem?

Provide an answer of your own, or ask mcandre for more information if necessary.

To post a message you must log in.