OpenSSL version is outdated

Asked by Aviv D on 2018-01-31

Greetings,

I'm using Ubuntu Server 16.04.3 (kernel version 4.4.0-109-generic).
I've noticed, that it installs openssl version 1.0.2g - released in March 2016, though official openssl website states, that latest version is 1.0.2n (released December 2017).

I'm wondering why Canonical hasn't approved to upstream these updates ?

thanks !

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
2018-01-31
Last query:
2018-01-31
Last reply:
2018-01-31
Best Manfred Hampl (m-hampl) said : #1

Ubuntu is no rolling release, this means that packages in older Ubuntu releases usually stay at the version that was the current one when that Ubuntu release was published. For fixing of bugs usually the relevant patches are applied to the older version.

The last update to the version of openssl in Ubuntu 16.04 was in December 2017 to care for CVE-2017-3737 and CVE-2017-3738

For the next version of Ubuntu (18.04, to be published in April) work is in progress to provide openssl 1.0.2n (or eventually even higher).

Aviv D (avivd) said : #2

Thanks Manfred Hampl, that solved my question.