openssl update release for Precise 12.04

Asked by jarrett on 2015-03-19

Hi -
Its not clear if CVE-2015-0291 effects Version: 1.0.1

If so, when will a patch be released?

Question information

English Edit question
Ubuntu openssl Edit question
No assignee Edit question
Last query:
Last reply:

I suggest you report a bug if you are concerned

Manfred Hampl (m-hampl) said : #2

According to this affects only OpenSSL 1.0.2 before 1.0.2a

Precise has 1.0.1-4, so it is not vulnerable.


jarrett (jwold) said : #3


This is whats confusing, because it looks like there was a patch applied here:

Anyway, probably best to update to 1.0.1-4ubuntu5.25 in my opinion.

Manfred Hampl (m-hampl) said : #4

As far as I can see from the change log, the ...5.25 update corrected some bugs, but with different CVE numbers.

CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293,
but not CVE-2015-0291.

Updating to that version is recommended as a precaution for those other vulnerabilities.

jarrett (jwold) said : #5

ok, thanks!

Can you help with this problem?

Provide an answer of your own, or ask jarrett for more information if necessary.

To post a message you must log in.