[kwlug-disc] Heartbleed OpenSSL bug

Khalid Baheyeldin kb at 2bits.com
Tue Apr 8 21:18:04 EDT 2014


What matters is the previous version vs. the current version.

Because I am on an LTS, the old version was: 1.0.1-4ubuntu5.11 and the
update brought in 1.0.1-4ubuntu5.12 (note the change is 5.11 to 5.12, not
1.0.1-...

Check what is in /var/log/apt/history.log for yesterday, and what does dpkg
-l displays. I bet you have *1.1 and got *1.2 after.


On Tue, Apr 8, 2014 at 9:01 PM, CrankyOldBugger
<crankyoldbugger at gmail.com>wrote:

> I've done the update twice now and still I get:
>
> dpkg -l | grep openssl
> ii  libgnutls-openssl27:amd64                 2.12.23-1ubuntu4.2
>            amd64        GNU TLS library - OpenSSL wrapper
> ii  openssl                                   1.0.1e-3ubuntu1.2
>             amd64        Secure Socket Layer (SSL) binary and related
> cryptographic tools
> ii  python-openssl                            0.13-2ubuntu4
>             amd64        Python 2 wrapper around the OpenSSL library
>
> This is the same on two of my 13.10 systems.
>
>
>
>
> On 8 April 2014 19:44, Khalid Baheyeldin <kb at 2bits.com> wrote:
>
>>
>>
>>
>> On Tue, Apr 8, 2014 at 7:38 PM, Bob Jonkman <bjonkman at sobac.com> wrote:
>>
>>>
>>> On 14-04-08 12:09 PM, CrankyOldBugger wrote:
>>> > I just ran apt-get update && apt-get dist-upgrade on my Ubuntu
>>> > 13.10 laptop and saw both openSSL client and server in the mix, so,
>>> > as stated by the OP, fixes are out there...
>>>
>>> I too saw OpenSSL patches come in before I even knew there was a
>>> problem. But I still get this, even after a reboot:
>>>
>>> > Ubuntu 12.04.4:
>>> >> openssl version
>>> > OpenSSL 1.0.1 14 Mar 2012
>>> >
>>> > Ubuntu 13.10, Linux Mint 16 Petra, and Linux Mint Debian Edition
>>> >> openssl version
>>> > OpenSSL 1.0.1e 11 Feb 2013
>>>
>>
>> /var/log/aptitude has this:
>>
>> Aptitude 0.6.6: log report
>> Mon, Apr  7 2014 20:25:30 -0400
>>
>> ...
>> [UPGRADE] libssl-dev:amd64 1.0.1-4ubuntu5.11 -> 1.0.1-4ubuntu5.12
>> [UPGRADE] libssl-doc:amd64 1.0.1-4ubuntu5.11 -> 1.0.1-4ubuntu5.12
>> [UPGRADE] libssl1.0.0:amd64 1.0.1-4ubuntu5.11 -> 1.0.1-4ubuntu5.12
>> ...
>> [UPGRADE] openssl:amd64 1.0.1-4ubuntu5.11 -> 1.0.1-4ubuntu5.12
>>
>> $ dpkg -l | grep openssl
>> Shows the following:
>> ii  openssl                               1.0.1-4ubuntu5.12
>>
>> Which means the update is applied.
>> --
>> Khalid M. Baheyeldin
>> 2bits.com, Inc.
>> Fast Reliable Drupal
>> Drupal optimization, development, customization and consulting.
>> Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
>> Simplicity is the ultimate sophistication. --   Leonardo da Vinci
>> For every complex problem, there is an answer that is clear, simple, and
>> wrong." -- H.L. Mencken
>>
>> _______________________________________________
>> kwlug-disc mailing list
>> kwlug-disc at kwlug.org
>> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>>
>>
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
>
>


-- 
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. --  Edsger W.Dijkstra
Simplicity is the ultimate sophistication. --   Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong." -- H.L. Mencken
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20140408/77d5dae2/attachment-0001.html>


More information about the kwlug-disc mailing list