Do I need to take action on a 10.04 LTS server to avoid the heartbleed vulnerability?
8,540
Solution 1
The version in 10.04 is too old to have the vulnerability, no action is needed over the heart bleed bug.
Solution 2
you can check if your server is affected:
http://filippo.io/Heartbleed/#«yourserver.tld»
Related videos on Youtube
04 : 00
Heartbleed - OpenSSL Vulnerability
14 : 29
Heartbleed Exploit - Discovery & Exploitation
02 : 18
What is the Heartbleed bug?
17 : 52
Heartbleed OpenSSL Exploit Vulnerability
01 : 32
Ubuntu: Do I need to take action on a 10.04 LTS server to avoid the heartbleed vulnerability?
Author by
FvD
Updated on September 18, 2022Comments
-
FvD over 1 year
From the heartbleed.com website, I see that OpenSSL 0.9.8 is NOT vulnerable, which is the version that is available on 10.04. That should mean that actually having stuck with 10.04 until now has avoided any problems with this issue for my production servers.
Is that correct or am I still missing something and there is action that should be taken on 10.04 servers?
-
snez about 10 yearsOpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
-
Thomas Weller about 10 yearsIf you don't exactly know your Ubuntu version and the obvious commanduname -ais not helpful, trylsb_release -d -s. -
belacqua about 10 yearsThis assumes that the server is currently publicly accessible.... -
belacqua about 10 years+1 If you have 0.9.8 you are fine ; 10.04 is OK unless you've done something interesting. Use
openssl versionto check.
