Ubuntu
openssl package

openssl update release for Precise 12.04

Asked by jarrett

Hi -
Its not clear if CVE-2015-0291 effects Version: 1.0.1

If so, when will a patch be released?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

I suggest you report a bug if you are concerned

Revision history for this message
Manfred Hampl (m-hampl) said : 		#2

According to https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0291 this affects only OpenSSL 1.0.2 before 1.0.2a

Precise has 1.0.1-4, so it is not vulnerable.

see http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0291.html

Revision history for this message
jarrett (jwold) said : 		#3

Thanks.

This is whats confusing, because it looks like there was a patch applied here:
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.25

Anyway, probably best to update to 1.0.1-4ubuntu5.25 in my opinion.

Revision history for this message
Manfred Hampl (m-hampl) said : 		#4

As far as I can see from the change log, the ...5.25 update corrected some bugs, but with different CVE numbers.

CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293,
but not CVE-2015-0291.

Updating to that version is recommended as a precaution for those other vulnerabilities.

Revision history for this message
jarrett (jwold) said : 		#5

ok, thanks!

Can you help with this problem?

Provide an answer of your own, or ask jarrett for more information if necessary.

To post a message you must log in.