How to check which OpenSSL version is use by Apache on Ubuntu 12.04
36,078
$ apt-cache policy openssl
openssl: Installed: xxx
"Installed: xxx" shows the currently installed version of openssl. Heartbleed is fixed in the following package versions (or later):
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12
If your installed package version is lower than these, then your system is vulnerable to Heartbleed.
Author by
Bhushan Kawadkar
Updated on September 18, 2022Comments
-
Bhushan Kawadkar over 1 year
I have installed Ubuntu12.04 on my machine and it got heartBleed version of OpenSSL 1.0.1. So I uninstalled OpenSSL 1.0.1 and install new 1.0.1g version by refering this link.
Now I want to confirm that the "Apache 2.2.22" available on Ubuntu 12.04 is using 1.0.1g and not 1.0.1 version of OpenSSL. How will I confirm this?
-
Bhushan Kawadkar over 9 yearsThanks for the reply. Will this ensure that the Apache I am using (which is available on Ubuntu) is using upgraded OpenSSL1.0.1g? I can see
Installed: 1.0.1-4ubuntu5.16
on my machine now. -
bain over 9 yearsYes. Make sure you are doing regular security updates - heartbleed is not the only security vulnerability to affect 12.04.
-
Bhushan Kawadkar over 9 yearsOk great :). What are the other security vulnerability to affect 12.04, Can you share any link or document? Thank you very much :)
-
bain over 9 yearsHere: Ubuntu 12.04 security notices Note that is just the first page, if you scroll down you will see that (as of July 2014) there are 12 pages of vulnerabilities in 12.04. Everyone should do regular security updates.