[PLUG] Ubuntu security issues

Ed Sawicki ed at alcpress.com
Fri Oct 19 20:00:46 UTC 2007


Charlie Schluting wrote:
> On 10/19/07 12:26 PM, Ed Sawicki wrote:
> 
>> I realize that Dapper is not the latest Ubuntu but shouldn't
>> important programs like openssl and openssh be kept current
>> regardless?
>>
> 
> 
> Have you checked the patch levels of those packages? Just because the
> version is older, doesn't mean security fixes weren't applied..
> 
>  -Charlie

How would I do that?

Here's what dpkg says:

# dpkg -s openssl
Package: openssl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 2272
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
Architecture: amd64
Version: 0.9.8a-7ubuntu0.4
Depends: libc6 (>= 2.3.4-1), libssl0.9.8 (>= 0.9.8a-1), zlib1g (>= 1:1.2.1)
Suggests: ca-certificates
Conflicts: ssleay (<< 0.9.2b)
Conffiles:
  /etc/ssl/openssl.cnf 0b1cf9a835b829131d630b7c2fe55f3c
Description: Secure Socket Layer (SSL) binary and related cryptographic 
tools
  This package contains the openssl binary and related tools.
  .
  It is part of the OpenSSL implementation of SSL.
  .
  You need it to perform certain cryptographic actions like:
   o  Creation of RSA, DH and DSA Key Parameters
   o  Creation of X.509 Certificates, CSRs and CRLs
   o  Calculation of Message Digests
   o  Encryption and Decryption with Ciphers
   o  SSL/TLS Client and Server Tests
   o  Handling of S/MIME signed or encrypted Mail


The /usr/share/doc/openssl/changelog starts out like this:

OpenSSL CHANGES
  _______________

  Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]


Ed



More information about the PLUG mailing list