Verify OpenVPN is no longer vulnerable to Heartbleed

heartbleed openvpn

Solution 1:

Let's follow the trail! What does openvpn use?

$ ldd $(which openvpn)
...
libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f464d630000)

OK, it's using libssl.1.0.0 provided by...?

$ dpkg -S /lib/x86_64-linux-gnu/libssl.so.1.0.0
libssl1.0.0:amd64: /lib/x86_64-linux-gnu/libssl.so.1.0.0

... provided by libssl1.0.0:

$ apt-get changelog libssl1.0.0 | grep -B10 CVE-2014-0160

openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium

  * SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
    - debian/patches/CVE-2014-0076.patch: add and use constant time swap in
      crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
      util/libeay.num.
    - CVE-2014-0076
  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

Looks good to me.

Related

How does OS read disks that were formatted as 520?
fail2ban on Raspbian does not create iptables jails
firewall-cmd not allowing loopback redirect
Exchange 2013 as VM vs Exchange Physical Server [closed]
Why would deleting an incremental snapshot increase the space usage & cost? [closed]
Cannot install sshd (openssh-server) on debian 10.4
certbot-can't get SSL certificate for mail.domain.com
What is stopping postfix from delivering mail to the local transport agent?
How do I send emails from a different domain?
Java cannot resolve DNS address from AIX: UnknownHostException
Connecting to MongoDb at EC2 - how do I know username, host, port, ect?
Exim won't start - Error loading lookup module mysql.so