Ubuntu
openssl package

Openssl security updates for Precise 12.04 - CVE-2015-3197

Asked by Dinesh Kandavel on 2016-01-29

As per openssl security advisory (https://www.openssl.org/news/secadv/20160128.txt), CVE-2015-3197 affects OpenSSL 1.0.1. But ubuntu cve tracker (http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0701.html) shows that ubuntu precise pangolin is not affected.

Could you please confirm whether CVE-2015-3197 does not affect 1.0.1-4ubuntu5.33 ?

Thanks,
Dinesh.

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu openssl Edit question

Assignee:: No assignee Edit question

Last query:: 2016-01-29

Last reply:: 2016-01-30

Link existing bug

Revision history for this message

actionparsnip (andrew-woodhead666) said on 2016-01-30:

#1

I suggest you report a bug

Revision history for this message

Manfred Hampl (m-hampl) said on 2016-01-30:

#2

Don't confuse CVE-2015-3197 and CVE-2016-0701

According to http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3197.html
"mdeslaur> openssl in Ubuntu is compiled with no-ssl2"

Can you help with this problem?

Provide an answer of your own, or ask Dinesh Kandavel for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Subscribers