Are all versions of Ubuntu secure against DROWN attack?

security openssl

CVE-2016-0800:

Priority Medium

Description

The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

Package
Source: openssl098 (LP Ubuntu Debian)
Upstream:   needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):    not-affected
Ubuntu 14.04 LTS (Trusty Tahr): not-affected
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04:  DNE
Ubuntu 15.10 (Wily Werewolf):   DNE
Ubuntu 16.04 (Xenial Xerus):    DNE

Package
Source: openssl (LP Ubuntu Debian)
Upstream:   needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):    not-affected
Ubuntu 14.04 LTS (Trusty Tahr): not-affected
Ubuntu Touch 15.04: not-affected
Ubuntu Core 15.04:  not-affected
Ubuntu 15.10 (Wily Werewolf):   not-affected
Ubuntu 16.04 (Xenial Xerus):    not-affected
  • DNE = does not exist
  • Ubuntu is not affected by this problem.

Related

Do "python3" and "python" use different path variables?
Extract specific folder from tarball into specific folder
How to prevent users from changing their password to one of the last X passwords?
Can't connect to smb share after upgrade to Ubuntu Gnome 16.04
Audio Equalizer Software in Ubuntu 16.04
What do the gzcat and zcat commands do?
How to install updated version of HTML tidy
Unable to reset MySQL root password, tried everthing
Why isn't my zsh ls colorful?
Ubuntu Budgie: How to use Alt+Shift to switch keyboard layouts?
Please remove the installation medium then press enter
Where to change 30 seconds for grub on forced reset