AnsweredAssumed Answered

False alarm in Ubuntu on CVE-2014-0224?

Question asked by Howard C on Jul 3, 2014
Latest reply on Oct 13, 2014 by Thijs van Dijk

I am already using openssl 1.0.1-4ubuntu5.16





# dpkg -l openssl

ii  openssl                                             1.0.1-4ubuntu5.16                                   Secure Socket Layer (SSL) binary and related cryptographic tools


But still have the alert


Experimental: This server is vulnerable to the OpenSSL CCS vulnerability

(CVE-2014-0224) and exploitable. Grade set to F.



Is it a false alarm?

(I have reboot my server several time to confirm)


Reference: “openssl” source package : Precise (12.04) : Ubuntu