Ubuntu Linux and the Heartbleed OpenSSL vulnerability.

heartbleed infosec linux openssl sysadmin vulnerability

If you're in the mad scramble to patch the Heartbleed vulnerability in OpenSSL on your Ubuntu servers but you need to see some documentation, look in your /usr/share/doc/openssl/changelog.Debian.gz file. If you see the following at the very top of the file, you're patched:


  openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium
  
    * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
      - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
        crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
        util/libeay.num.
      - CVE-2014-0076
    * SECURITY UPDATE: memory disclosure in TLS heartbeat extension …

Read more...