Tag: openssl

  1. Ubuntu Linux and the Heartbleed OpenSSL vulnerability.

    07 April 2014

    If you're in the mad scramble to patch the Heartbleed vulnerability in OpenSSL on your Ubuntu servers but you need to see some documentation, look in your /usr/share/doc/openssl/changelog.Debian.gz file. If you see the following at the very top of the file, you're patched:

    openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium

      * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
        - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
          crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
        - CVE-2014-0076
      * SECURITY UPDATE: memory disclosure in TLS heartbeat extension …
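
The changelog check described above, as a shell function (an added example, not code from the original post). The function names, exit codes and sample changelogs are this example's own; it matches the heartbeat entry text quoted above and also looks below the newest stanza, because Debian changelogs are newest-first and later updates push the entry down.

```shell
#!/bin/sh
# Added example: look for the heartbeat fix entry in a Debian-format changelog.
# Assumption: function names and exit codes are this example's own.

FIX_LINE='SECURITY UPDATE: memory disclosure in TLS heartbeat extension'

# Print the newest changelog stanza: everything up to and including the first
# maintainer trailer line (" -- Name <email>  date").
top_stanza() {
    gzip -dc "$1" | awk '{ print } /^ -- / { exit }'
}

# Exit 0 if the fix is in the newest stanza, 1 if it is only further down
# (a later update sits on top of it), 2 if it is absent or the file is unreadable.
heartbeat_fix_status() {
    file=${1:-/usr/share/doc/openssl/changelog.Debian.gz}
    [ -r "$file" ] || return 2
    if top_stanza "$file" | grep -qF "$FIX_LINE"; then
        return 0
    elif gzip -dc "$file" | grep -qF "$FIX_LINE"; then
        return 1
    fi
    return 2
}

# Constructed sample changelogs (not real package data) for trying the check.
write_samples() {
    dir=$1
    fixed="openssl (0.0.0-fixed) example; urgency=medium

  * $FIX_LINE

 -- Example Maintainer <maint@example.com>  Mon, 07 Apr 2014 00:00:00 +0000
"
    newer="openssl (0.0.0-newer) example; urgency=medium

  * Unrelated constructed entry

 -- Example Maintainer <maint@example.com>  Tue, 08 Apr 2014 00:00:00 +0000
"
    printf '%s' "$fixed" | gzip -c > "$dir/top.gz"
    printf '%s\n%s' "$newer" "$fixed" | gzip -c > "$dir/older.gz"
    printf '%s' "$newer" | gzip -c > "$dir/absent.gz"
}
```

Exit status 1 is the case a "very top of the file" check misses once any later update has been installed. The changelog describes the files on disk only, so services started before the upgrade still need a restart to load the patched library.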