Is Ubuntu 14.04 secure against heart bleed bug [duplicate]

openssl

Solution 1:

If I get this right you're secure:

openssl (1.0.1f-1ubuntu2) trusty; urgency=medium

  • SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    • debian/patches/CVE-2014-0076.patch: add and use constant time swap in crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c, util/libeay.num.
    • CVE-2014-0076
  • SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    • debian/patches/CVE-2014-0160.patch: use correct lengths in ssl/d1_both.c, ssl/t1_lib.c.
    • CVE-2014-0160

-- Marc Deslauriers Mon, 07 Apr 2014 15:37:53 -0400

Solution 2:

Yes, provided you've installed the latest updates. The latest version of openssl in the 14.04 repositories is 1.0.1f-1ubuntu2. You can check that you're running that version by opening a terminal and running: apt-cache show openssl | grep Version

Related

update-alternatives: error: alternative path /lib/plymouth/themes/Lmint/Lmint.plymouth doesn't exist
Why do the Repositories not have the latest upstream versions? [duplicate]
Add a non-UEFI boot target to an UEFI grub
Looking to specifically customize Ubuntu SSH banner
Accidentally changed Bluetooth mode to off
Update: Failed to lock /var/cache/apt/archives/lock
How do I change Software Center's default installation path?
WiFi connects, but pages don't load
Will the data from my persistent Live-USB automatically transfer when I install?
Is there a way to find out whether an updated program/package lands in the official Ubuntu release repositories?
Upgraded to 14.10, brightness control quit working - Intel HD 4400
Making sense of glxinfo OpenGL versions