I see that the latest security patches are not yet available from apt-get install openssl on Ubuntu 14.04. What steps do I need to take in order to install the latest OpenSSL without conflicting with my previous installation through apt-get?
Asked
Active
Viewed 3.0k times
6
Andrew
- 3,453
- 9
- 33
- 36
-
What security patches do you mean? Are you aware that Ubuntu backports patches into older version? http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.11/changelog – Sven Apr 17 '15 at 21:29
-
I'm referring to [this article](http://www.zdnet.com/article/high-severity-flaw-in-openssl-to-be-patched/) and this recommendation: "Upgrade your OpenSSL package to one of the following versions: 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf" – Andrew Apr 17 '15 at 21:41
-
2When I run `openssl version -a` I see `OpenSSL 1.0.1f 6 Jan 2014` which makes me think I don't have the latest version. – Andrew Apr 17 '15 at 21:42
1 Answers
9
You can check this page https://launchpad.net/ubuntu/trusty/+source/openssl It will show you the exact security updates that have been backported, even though the overall version date appears old. If you have installed the latest openssl via apt-get upgrade, you are current (on security updates) as of 2015-03-19, which happens to be 2 days after the security flaw was posted on your link above. You can drill down into the openssl page on ubuntu to see if this fix was included.
Chad Smith
- 1,489
- 8
- 8
-
where at that link can you see which security updates have been backported? – BigRon Dec 01 '16 at 19:09