Re: Why still heartbleed on Wheezy

To: debian-user <debian-user@lists.debian.org>
Subject: Re: Why still heartbleed on Wheezy
From: Jimmy Wu <jimmywu013@gmail.com>
Date: Sun, 20 Apr 2014 05:57:57 +0000
Message-id: <[🔎] CAN0j2Y6pWUu4NRgcvU6bE7p+1XmUqMHS+jdCAmWwKjHb+PxNMw@mail.gmail.com>
In-reply-to: <[🔎] 20140420013924.3223f145@mydesk>
References: <[🔎] 20140420013924.3223f145@mydesk>

On Sun, Apr 20, 2014 at 5:39 AM, Steve Litt <slitt@troubleshooters.com> wrote:
> Hi all,
>
> I installed Wheezy on my backup server, then did this:
>
> apt-get update
> apt-get upgrade
>
> root@bupserv:/backupserver/stevebup# openssl version
> OpenSSL 1.0.1e 11 Feb 2013
> root@bupserv:/backupserver/stevebup#

Wheezy is the current stable so they aren't going to update an
important library to a new upstream version. Instead they backport
security patches to the current version. Check your package version.

dpkg -l openssl

According to the changelog [1], wheezy openssl got the heartbleed
patch on 1.0.1e-2+deb7u5 on April 7. The latest version as of this
email is 1.0.1e-2+deb7u7.

[1] http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1e-2+deb7u7_changelog

Cheers,

Jimmy

Reply to:

Follow-Ups:
- Re: Why still heartbleed on Wheezy <SOLVED>
  - From: Steve Litt <slitt@troubleshooters.com>

References:
- Why still heartbleed on Wheezy
  - From: Steve Litt <slitt@troubleshooters.com>

Prev by Date: Why still heartbleed on Wheezy
Next by Date: Re: Why still heartbleed on Wheezy
Previous by thread: Why still heartbleed on Wheezy
Next by thread: Re: Why still heartbleed on Wheezy <SOLVED>
Index(es):
- Date
- Thread