Cumulus Linux Is not Susceptible to the OpenSSL Vulnerability CVE-2015-1793



Is Cumulus Linux susceptible to the OpenSSL vulnerability where attackers can impersonate cryptographically protected websites, e-mail servers, and virtual private networks?


  • Cumulus Linux 1.5.0 and later


No, Cumulus Linux (any version up to the currently released 2.5.3) is not susceptible to this vulnerability because it was introduced into versions of OpenSSL after the one that is included in Debian Wheezy, upon which Cumulus Linux is based.

Cumulus Linux uses OpenSSL version 1.0.1e, and the affected versions are 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o, which are used in the Debian Unstable and Testing branches.

OpenSSL announced a fix, which is being tracked in CVE-2015-1793.

To verify the version used in Cumulus Linux, run openssl version:

cumulus@switch$ openssl version
OpenSSL 1.0.1e 11 Feb 2013


Have more questions? Submit a request


Powered by Zendesk