[Bug 879028] Re: Update OpenSSL package for 10.04 LTS
Jamie Strandboge
jamie at ubuntu.com
Fri Oct 21 21:12:35 UTC 2011
Ubuntu, like most other Linux distros, releases security updates by
patching specific issues rather than updating whole versions of
software. This is to keep the packages in a stable release as close to
their original version as possible to avoid introducing unintended
regressions. For more details, see Stable Release Updates.
Sometimes external security vendors doing software version scanning
against Ubuntu systems do not check actual package versions, leading to
false positives in their scan reports.
The particular issue you asked about was fixed in
http://www.ubuntu.com/usn/usn-1029-1
** Changed in: openssl (Ubuntu)
Status: New => Invalid
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/879028
Title:
Update OpenSSL package for 10.04 LTS
Status in "openssl" package in Ubuntu:
Invalid
Bug description:
We have had a PCI-DSS scan of our site and it shows:
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness
From:
http://openssl.org/news/secadv_20101202.txt
Recommendations are:
Upgrade to OpenSSL 0.9.8q / 1.0.0.c or later, or contact your vendor for a patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/879028/+subscriptions