AnsweredAssumed Answered

False alarm in Ubuntu on CVE-2014-0224?

Question asked by Howard C on Jul 3, 2014
Latest reply on Oct 13, 2014 by Thijs van Dijk

I am already using openssl 1.0.1-4ubuntu5.16

 

e.g.

 

 

# dpkg -l openssl

ii  openssl                                             1.0.1-4ubuntu5.16                                   Secure Socket Layer (SSL) binary and related cryptographic tools

 

But still have the alert

 

Experimental: This server is vulnerable to the OpenSSL CCS vulnerability

(CVE-2014-0224) and exploitable. Grade set to F.

 

 

Is it a false alarm?

(I have reboot my server several time to confirm)

 

Reference: “openssl” source package : Precise (12.04) : Ubuntu

Outcomes