Ubuntu
openssl package

Proposed package update following CVE-2015-1793 9th July 2015

Asked by Duncan Bell

Following security advisory from the openssl team, when will a new Ubuntu package be available with this fix in, or is this already in the package?

CVE-2015-1793

https://www.openssl.org/news/secadv_20150709.txt

https://www.openssl.org/source/

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu openssl Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

I suggest you report a bug. Mark it as a security bug

Revision history for this message
Best Manfred Hampl (m-hampl) said : 		#2

see http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1793.html

This vulnerability only affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o, and only the development version Ubuntu 15.04 contains one of these; and fur this one the update from 1.0.2c to 1.0.2d is already in progress (currently in wily-proposed).

Revision history for this message
Duncan Bell (duncanfbell) said : 		#3

Thanks Manfred Hampl, that solved my question.