[PLUG] Ubuntu security issues
Ed Sawicki
ed at alcpress.com
Fri Oct 19 20:00:46 UTC 2007
Charlie Schluting wrote:
> On 10/19/07 12:26 PM, Ed Sawicki wrote:
>
>> I realize that Dapper is not the latest Ubuntu but shouldn't
>> important programs like openssl and openssh be kept current
>> regardless?
>>
>
>
> Have you checked the patch levels of those packages? Just because the
> version is older, doesn't mean security fixes weren't applied..
>
> -Charlie
How would I do that?
Here's what dpkg says:
# dpkg -s openssl
Package: openssl
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 2272
Maintainer: Debian OpenSSL Team <pkg-openssl-devel at lists.alioth.debian.org>
Architecture: amd64
Version: 0.9.8a-7ubuntu0.4
Depends: libc6 (>= 2.3.4-1), libssl0.9.8 (>= 0.9.8a-1), zlib1g (>= 1:1.2.1)
Suggests: ca-certificates
Conflicts: ssleay (<< 0.9.2b)
Conffiles:
/etc/ssl/openssl.cnf 0b1cf9a835b829131d630b7c2fe55f3c
Description: Secure Socket Layer (SSL) binary and related cryptographic
tools
This package contains the openssl binary and related tools.
.
It is part of the OpenSSL implementation of SSL.
.
You need it to perform certain cryptographic actions like:
o Creation of RSA, DH and DSA Key Parameters
o Creation of X.509 Certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted Mail
The /usr/share/doc/openssl/changelog starts out like this:
OpenSSL CHANGES
_______________
Changes between 0.9.8 and 0.9.8a [11 Oct 2005]
Ed
More information about the PLUG
mailing list