看起来Ubuntu trusty正在托管OpenSSL版本:1.0.1f-1ubuntu2.21
这实际上是否容易受到伤害?
What versions of the OpenSSL are affected?
Status of different versions:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.
和
$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
答案 0 :(得分:1)
不,Ubuntu软件包有一个向后移植到1.0.1.f的修复程序。 http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.21/changelog提到2014年4月7日版本1.0.1f-1ubuntu2下的Heartbeat漏洞修复程序。