Are there differences between OpenSSL security updates on Ubuntu and OpenSSL from the official OpenSSL site
Clash Royale CLAN TAG#URR8PPP up vote
2
down vote
favorite
The latest updates for OpenSSL in Ubuntu have come out this month.
http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.11/changelog
There's an extensive list of security updates there for v1.0.2g
Though I have installed OpenSSL v1.0.2n manually 2 months ago.
What I am asking is does this matter, specifically are Ubuntu updates on OpenSSL version customized and specific to Ubuntu? Shouldn't the latest version direct from the OpenSSL site cover all these? Should I revert back to an older version?
updates openssl
asked Mar 29 at 0:39
Sam Wheel
1119
add a comment |Â
up vote
2
down vote
favorite
The latest updates for OpenSSL in Ubuntu have come out this month.
http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.11/changelog
There's an extensive list of security updates there for v1.0.2g
Though I have installed OpenSSL v1.0.2n manually 2 months ago.
What I am asking is does this matter, specifically are Ubuntu updates on OpenSSL version customized and specific to Ubuntu? Shouldn't the latest version direct from the OpenSSL site cover all these? Should I revert back to an older version?
updates openssl
asked Mar 29 at 0:39
Sam Wheel
1119
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
The latest updates for OpenSSL in Ubuntu have come out this month.
http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.11/changelog
There's an extensive list of security updates there for v1.0.2g
Though I have installed OpenSSL v1.0.2n manually 2 months ago.
What I am asking is does this matter, specifically are Ubuntu updates on OpenSSL version customized and specific to Ubuntu? Shouldn't the latest version direct from the OpenSSL site cover all these? Should I revert back to an older version?
updates openssl
asked Mar 29 at 0:39
Sam Wheel
1119
The latest updates for OpenSSL in Ubuntu have come out this month.
http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.2g-1ubuntu4.11/changelog
There's an extensive list of security updates there for v1.0.2g
Though I have installed OpenSSL v1.0.2n manually 2 months ago.
What I am asking is does this matter, specifically are Ubuntu updates on OpenSSL version customized and specific to Ubuntu? Shouldn't the latest version direct from the OpenSSL site cover all these? Should I revert back to an older version?
updates openssl
updates openssl
asked Mar 29 at 0:39
Sam Wheel
1119
asked Mar 29 at 0:39
Sam Wheel
1119
asked Mar 29 at 0:39
Sam Wheel
1119
asked Mar 29 at 0:39
Sam Wheel
1119
asked Mar 29 at 0:39
Sam Wheel
1119
1119
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
4
down vote
accepted
If you have manually installed your own version of OpenSSL instead of the version provided by Ubuntu, then you are responsible for keeping it updated, including installing any security patches.
It is usually safer to use the version provided by Ubuntu as you will then receive security updates through the normal update process.
The two will have different update schedules and processes, but both will aim to patch in a timely manner after a security issue is found. Ubuntu will backport the patch (ie rewrite the patch so it works on an older version) to the stable version in Ubuntu, whereas upstream may make the patch only available by updating to the latest version.
Another thing to be aware of is that many Ubuntu packages depend on an OpenSSL library. You may find that you have both the manually installed version and the Ubuntu-provided version installed due to it being brought in as a dependency.
answered Mar 29 at 0:50
thomasrutter
25.4k46086
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
4
down vote
accepted
If you have manually installed your own version of OpenSSL instead of the version provided by Ubuntu, then you are responsible for keeping it updated, including installing any security patches.
It is usually safer to use the version provided by Ubuntu as you will then receive security updates through the normal update process.
The two will have different update schedules and processes, but both will aim to patch in a timely manner after a security issue is found. Ubuntu will backport the patch (ie rewrite the patch so it works on an older version) to the stable version in Ubuntu, whereas upstream may make the patch only available by updating to the latest version.
Another thing to be aware of is that many Ubuntu packages depend on an OpenSSL library. You may find that you have both the manually installed version and the Ubuntu-provided version installed due to it being brought in as a dependency.
answered Mar 29 at 0:50
thomasrutter
25.4k46086
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
add a comment |Â
up vote
4
down vote
accepted
If you have manually installed your own version of OpenSSL instead of the version provided by Ubuntu, then you are responsible for keeping it updated, including installing any security patches.
It is usually safer to use the version provided by Ubuntu as you will then receive security updates through the normal update process.
The two will have different update schedules and processes, but both will aim to patch in a timely manner after a security issue is found. Ubuntu will backport the patch (ie rewrite the patch so it works on an older version) to the stable version in Ubuntu, whereas upstream may make the patch only available by updating to the latest version.
Another thing to be aware of is that many Ubuntu packages depend on an OpenSSL library. You may find that you have both the manually installed version and the Ubuntu-provided version installed due to it being brought in as a dependency.
answered Mar 29 at 0:50
thomasrutter
25.4k46086
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
add a comment |Â
up vote
4
down vote
accepted
up vote
4
down vote
accepted
If you have manually installed your own version of OpenSSL instead of the version provided by Ubuntu, then you are responsible for keeping it updated, including installing any security patches.
It is usually safer to use the version provided by Ubuntu as you will then receive security updates through the normal update process.
The two will have different update schedules and processes, but both will aim to patch in a timely manner after a security issue is found. Ubuntu will backport the patch (ie rewrite the patch so it works on an older version) to the stable version in Ubuntu, whereas upstream may make the patch only available by updating to the latest version.
Another thing to be aware of is that many Ubuntu packages depend on an OpenSSL library. You may find that you have both the manually installed version and the Ubuntu-provided version installed due to it being brought in as a dependency.
answered Mar 29 at 0:50
thomasrutter
25.4k46086
If you have manually installed your own version of OpenSSL instead of the version provided by Ubuntu, then you are responsible for keeping it updated, including installing any security patches.
It is usually safer to use the version provided by Ubuntu as you will then receive security updates through the normal update process.
The two will have different update schedules and processes, but both will aim to patch in a timely manner after a security issue is found. Ubuntu will backport the patch (ie rewrite the patch so it works on an older version) to the stable version in Ubuntu, whereas upstream may make the patch only available by updating to the latest version.
Another thing to be aware of is that many Ubuntu packages depend on an OpenSSL library. You may find that you have both the manually installed version and the Ubuntu-provided version installed due to it being brought in as a dependency.
answered Mar 29 at 0:50
thomasrutter
25.4k46086
answered Mar 29 at 0:50
thomasrutter
25.4k46086
answered Mar 29 at 0:50
thomasrutter
25.4k46086
answered Mar 29 at 0:50
thomasrutter
25.4k46086
25.4k46086
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
add a comment |Â
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
ah backport vs upstream, thanks for clairfying ...still learning
– Sam Wheel
Mar 29 at 1:17
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1020129%2fare-there-differences-between-openssl-security-updates-on-ubuntu-and-openssl-fro%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
var $window = $(window),
onScroll = function(e)
var $elem = $('.new-login-left'),
docViewTop = $window.scrollTop(),
docViewBottom = docViewTop + $window.height(),
elemTop = $elem.offset().top,
elemBottom = elemTop + $elem.height();
if ((docViewTop elemBottom))
StackExchange.using('gps', function() StackExchange.gps.track('embedded_signup_form.view', location: 'question_page' ); );
$window.unbind('scroll', onScroll);
;
$window.on('scroll', onScroll);
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password