0

看起来 Ubuntu trusty 正在托管 OpenSSL 版本:1.0.1f-1ubuntu2.21

这真的容易被心脏出血吗?

  • http://packages.ubuntu.com/source/trusty/openssl

  • http://heartbleed.com/

    What versions of the OpenSSL are affected?
Status of different versions:
    OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
    OpenSSL 1.0.1g is NOT vulnerable
    OpenSSL 1.0.0 branch is NOT vulnerable
    OpenSSL 0.9.8 branch is NOT vulnerable
    Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.


    $ openssl version
    OpenSSL 1.0.1f 6 Jan 2014
4

1 回答 1

1

不,Ubuntu 软件包有一个向后移植到 1.0.1.f 的修复程序。 http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.21/changelog提到了 2014 年 4 月 7 日版本 1.0.1f-1ubuntu2 下的 Heartbeat 漏洞修复。

于 2017-01-26T01:40:14.603 回答