Re: Why still heartbleed on Wheezy <SOLVED>
On Sun, 20 Apr 2014 05:57:57 +0000
Jimmy Wu <jimmywu013@gmail.com> wrote:
> On Sun, Apr 20, 2014 at 5:39 AM, Steve Litt
> <slitt@troubleshooters.com> wrote:
> > Hi all,
> >
> > I installed Wheezy on my backup server, then did this:
> >
> > apt-get update
> > apt-get upgrade
> >
> > root@bupserv:/backupserver/stevebup# openssl version
> > OpenSSL 1.0.1e 11 Feb 2013
> > root@bupserv:/backupserver/stevebup#
>
> Wheezy is the current stable so they aren't going to update an
> important library to a new upstream version. Instead they backport
> security patches to the current version. Check your package version.
>
> dpkg -l openssl
>
> According to the changelog [1], wheezy openssl got the heartbleed
> patch on 1.0.1e-2+deb7u5 on April 7. The latest version as of this
> email is 1.0.1e-2+deb7u7.
>
> [1]
> http://metadata.ftp-master.debian.org/changelogs//main/o/openssl/openssl_1.0.1e-2+deb7u7_changelog
Thanks Jimmy,
Yes! Once I checked it with the dpkg command, it told me
1.0.1e-2+deb7u7, which is the documented fixed version for Wheezy. So
my new backup server is Heartbleed free, and I can go on to other
things. Thanks for this info!
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
Reply to: