Raspbian openssl (1.01e) is vulnerable to CVE-2014-0160
Bug #1440494 reported by
Eric Westbrook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Raspbian |
Invalid
|
Undecided
|
Unassigned |
Bug Description
The latest openssl available on raspbian remains uncorrected for the "Heartbleed" vulnerability from April 2014 (CVE-2014-0160).
$ sudo apt-get -y update && sudo apt-get -y upgrade
...
$ openssl version
OpenSSL 1.01e 11 Feb 2013
This is a critical security vulnerability. Corrected versions of openssl have been available upstream for a year now. Please make an updated version available in Raspbian immediately.
CVE References
information type: | Private Security → Public |
To post a comment you must log in.
Raspbian wheezy has openssl version 1.0.1e- 2+rvt+deb7u16 . Which is based on 1.0.1e-2+deb7u16 from Debian.
According to the Debian security tracker the CVE you mention was fixed ages ago in 1.0.1e-2+deb7u5
https:/ /security- tracker. debian. org/tracker/ CVE-2014- 0160