Differences

This shows you the differences between two versions of the page.

--- ubuntu:vulnerabilities:heartbleed [2019/12/04 22:20] – created peter
+++ ubuntu:vulnerabilities:heartbleed [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
 Heartbleed was introduced in OpenSSL version 1.0.1 and is patched with OpenSSL version 1.0.1g.  Details are in [[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160|CVE-2014-0160]].
-The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised.  Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions.
+The bug allows any attacker to read the memory of a vulnerable host, which means that any keys that have been used on a host with a vulnerable version of OpenSSL should be considered compromised.
+Distributions have been updating their packages and pushing out updates, but users need to pull down the most recent packages and revoke any previous keys based on insecure versions.
 ----
@@ Line 10: / Line 12: @@
 <code bash>
-dpkg -l | grep "openssl"
+sudo dpkg -l | grep "openssl"
 </code>
-Returns something like:
+returns:
 <code>
@@ Line 62: / Line 64: @@
 These may look different, but they should point you in the correct direction to find your SSL certificate location.
+----
 If you are using Nginx, you'll find similar directives that point to your server's SSL certificate and key.  They might look something like this: