I'm having ubuntu 14.04.4(server) with open ssl version 1.0.1f version. AM i vulnerable to heartbleed?

Question

I'm having ubuntu 14.04.4(server) with open ssl version 1.0.1f version

openssl: 1.0.1f 6 jan 2014
built on  mon feb 29 18:11:15 UTC 2016
platform: debian-amd64

What i need to know is that am i vulnerable to heartbleed? do ubuntu 14.04 has hearbleed fix? last but not the least the ubuntu package 2.18 and 2.16 vulnerable to heartbleed?

Answer 1

openssl version -a

If your build is older than April 7 2014 it may be vulnerable (from https://blog.pay4bugs.com/2014/04/08/howto-update-ubuntu-to-fix-heartbleed-ssl-bug/)

Your build is from feb 29 2016 - so not vulnerable

If you want to know the overall quality of your certificate and it is available from internet - check:

https://www.ssllabs.com/ssltest/index.html