Ubuntu
openssl package

Need to know an ETA for OpenSSL 1.01g - Critical Security Bug

Asked by Adam Rivera on 2014-04-08

Does anyone have an ETA to OpenSSL 1.01g for Trusty (14.04) via apt-get?

Question information

Language:: English Edit question

Status:: Solved

For:: Ubuntu openssl Edit question

Assignee:: No assignee Edit question

Solved by:: Manfred Hampl

Solved:: 2014-04-08

Last query:: 2014-04-08

Last reply:: 2014-04-08

Link existing bug

Revision history for this message

Manfred Hampl (m-hampl) said on 2014-04-08:

If you are talking about CVE-2014-0076 and CVE-2014-0160, they seem to be already covered in the 1.0.1f-1ubuntu2 version for trusty that was published 15 hours ago.

see http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0160
and http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-0076
and http://www.ubuntu.com/usn/usn-2165-1/

openssl (1.0.1f-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

-- Marc Deslauriers <email address hidden> Mon, 07 Apr 2014 15:37:53 -0400

Revision history for this message

Adam Rivera (a432511) said on 2014-04-08:

Thank you sir.

Revision history for this message

Adam Rivera (a432511) said on 2014-04-08:

Thanks Manfred Hampl, that solved my question.

To post a message you must log in.

Ask a question

Edit question

Ubuntuopenssl package

Need to know an ETA for OpenSSL 1.01g - Critical Security Bug

Question information

Related bugs

Related FAQ:

Subscribers

Ubuntu
openssl package