10

I know that 13.04 is affected (or at least my installation is) because of the OpenSSL version currently installed. However, after running

```
sudo apt-get update
sudo apt-get upgrade
```

I checked my OpenSSL version and it was still an unpatched build.

I also checked http://www.ubuntu.com/usn/usn-2165-1/ and 13.04 isn't listed. What can I do to patch OpenSSL on my machine?

Shane Madden
dwlz
  • 6
    13.04 is out of support. You should not be running it. – Michael Hampton Apr 08 '14 at 02:24
  • 2
    That doesn't help. :) – dwlz Apr 08 '14 at 02:27
  • 2
    Not a dupe. Different question. – dwlz Apr 08 '14 at 02:30
  • 2
    Yes, it's the best help you're likely to get. You really should not be doing anything important with very-short-lifecycle distributions like non-LTS Ubuntu unless you are also keeping it upgraded to the latest supported releases. You will not get an official patch for this issue on 13.04. Period. It's past time to upgrade. – Michael Hampton Apr 08 '14 at 02:30
  • 1
    Appreciated. Thanks. I'm just surprised. 13.04 was a year ago. Since when are non-LTS versions given <1 year support? – dwlz Apr 08 '14 at 02:33
  • @dlo https://wiki.ubuntu.com/LTS – EEAA Apr 08 '14 at 02:34
  • 2
    End of life date for [Ubuntu 13.04 was Jan 27, 2014](https://wiki.ubuntu.com/Releases). [Canonical switched to a 9 month support plan for non LTS releases because back-porting bugs and package upgrades was consuming too much time for the company, since most users of non-LTS releases upgrade each cycle](http://askubuntu.com/a/289817). – scuzzy-delta Apr 08 '14 at 07:19

1 Answer

5

Note that 13.04 is no longer supported. Upgrading to a supported version is the recommended action. But if a short-term solution is needed, it's possible to rebuild the packages from source (sample instructions) with a patch applied, e.g.:

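```
# Build tooling and the package's build dependencies
sudo apt-get install build-essential fakeroot dpkg-dev devscripts
apt-get source openssl
sudo apt-get build-dep openssl
# apt-get source unpacks into a versioned directory (openssl-<version>)
cd openssl-*/
# Add a new debian/changelog entry with a bumped version
dch -i
# ...apply patch...
# Build unsigned binary packages only
dpkg-buildpackage -rfakeroot -uc -b
cd ..
sudo dpkg -i *.deb
```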

From the Ubuntu changelog page for openssl, find the diff file for quantal, which happens to have the same base version of openssl (1.0.1c). This should apply cleanly against the latest source for raring. If following the instructions from the link above, apply the patch after doing the `dch -i` part, and choose a sensible version number. Ignore/delete the rejected patch for debian/changelog, and continue the process.

  • 1
    This will deal with this _particular_ issue, but 13.04 still has a variety of other unpatched security issues. People really should be upgrading. – Michael Hampton Apr 11 '14 at 16:41
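
After `sudo dpkg -i *.deb` in the answer above, processes started earlier keep the old libssl/libcrypto mapped until they are restarted. The script below is an added example, not part of the original answer; it finds those processes from `/proc/PID/maps`, and its function names and sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes still running the pre-upgrade OpenSSL libraries.

# Read /proc/PID/maps-format text on stdin; print each distinct libssl or
# libcrypto path whose on-disk file has been replaced ("(deleted)" suffix).
stale_ssl_libs() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\/lib(ssl|crypto)\.so/ { print $(NF-1) }' |
        sort -u
}

# Print "PID COMMAND LIBRARY" for every process with a stale mapping.
# Run as root; other users' maps files are unreadable otherwise.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        { stale_ssl_libs < "$maps"; } 2>/dev/null | while read -r lib; do
            printf '%s %s %s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$lib"
        done
    done
}

# Constructed sample (not from a real host): a daemon started before the
# rebuilt packages were installed. libc and /dev/zero must not be reported.
sample_maps() {
    cat <<'EOF'
7f1c2a000000-7f1c2a055000 r-xp 00000000 08:01 131201 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c2a255000-7f1c2a258000 r--p 00055000 08:01 131201 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f1c29c00000-7f1c29db0000 r-xp 00000000 08:01 131200 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
7f1c29800000-7f1c299be000 r-xp 00000000 08:01 131100 /lib/x86_64-linux-gnu/libc-2.17.so
7f1c29000000-7f1c29001000 rw-s 00000000 00:04 99 /dev/zero (deleted)
EOF
}

# "--demo" runs the parser on the constructed sample; default scans this host.
if [ "${1:-}" = "--demo" ]; then
    sample_maps | stale_ssl_libs
else
    scan_procs
fi
```

Restart each listed service (or reboot) so it loads the rebuilt library.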