Qualys Ubuntu OpenSSL false positives

Question asked by nathan.j.slinn on Apr 27, 2015
Latest reply on May 20, 2015 by Craig Kagawa

When performing a Qualys scan against our Ubuntu servers we have the following QIDs listed:



The scan has detected 'OpenSSL 1.0.1f 6 Jan 2014', which it thinks is vulnerable, and requests we update to 1.0.1h; however, Canonical backports security fixes into their currently distributed OpenSSL version, which was actually released on 2015-03-19 with all current vulnerabilities patched.


The various releases and fixes are listed on Canonical's Launchpad site for reference:


How can we stop Qualys from picking up non-issues such as this?
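
The mismatch described in the question, as an added example that is not part of the original post and is not Qualys's detection logic: the upstream banner compares as older than 1.0.1h, while the distro package revision shows whether the backported fix is installed. The function names are hypothetical and the `-1ubuntu2.x` package versions are constructed sample values; the comparison follows dpkg's version ordering rules.

```python
import re

def _order(c):
    # dpkg character weights: '~' sorts before everything, even end of string
    if c == "~":
        return -1
    if not c or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, left to right
    while a or b:
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        for i in range(max(len(na), len(nb))):
            oa, ob = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        ia, ib = int(da or 0), int(db or 0)  # numeric, so 11 > 8
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(x, y):
    """Return -1, 0 or 1 using Debian/Ubuntu package version ordering."""
    (ex, ux, rx), (ey, uy, ry) = _split(x), _split(y)
    if ex != ey:
        return -1 if ex < ey else 1
    return _cmp_part(ux, uy) or _cmp_part(rx, ry)

def triage(banner, upstream_fixed, installed_pkg, distro_fixed_pkg):
    # flagged: what a banner-only check sees; patched: what the package says
    flagged = deb_cmp(banner, upstream_fixed) < 0
    patched = deb_cmp(installed_pkg, distro_fixed_pkg) >= 0
    if flagged and patched:
        return "false positive: fix backported"
    return "vulnerable" if flagged else "not flagged"

if __name__ == "__main__":
    # Constructed sample values, not taken from the scan report
    print(triage("1.0.1f", "1.0.1h", "1.0.1f-1ubuntu2.11", "1.0.1f-1ubuntu2.8"))
```

On the server itself, `dpkg --compare-versions` performs the same comparison against the installed package version.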