On Wed, 2014-04-09 at 20:32 +0530, Shenal Silva wrote: > Hi All, > As most of you'll know A serious vulnerability called the "Hearbleed" > bug has been discovered and the vulnerable version (OpenSSL 1.0.1f 6 > Jan 2014) is the version still in the repositories. Can someone look > into updating the repositories with the patched version (1.0.0g) it > would be really good > Regards, > Regards, > Shenal Silva, > Mobile:+94718670210 > +94786903735 > Skype:shenal777
Updates for supported releases: http://www.ubuntu.com/usn/usn-2165-1/ Trusty aka what will be 14.04: openssl (1.0.1f-1ubuntu2) trusty; urgency=medium * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation - debian/patches/CVE-2014-0076.patch: add and use constant time swap in crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c, util/libeay.num. - CVE-2014-0076 * SECURITY UPDATE: memory disclosure in TLS heartbeat extension - debian/patches/CVE-2014-0160.patch: use correct lengths in ssl/d1_both.c, ssl/t1_lib.c. - CVE-2014-0160 Date: Mon, 07 Apr 2014 15:37:53 -0400 Changed-By: Marc Deslauriers <[email protected]> Regards Phil -- Phil Wyett { GNU Linux User and Developer Leigh GNU Linux User Group (http://leigh.lug.org.uk) IRC: philwyett Twitter: philwyett and leigh_lug }
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-GNOME mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-gnome
