Is Cumulus Linux susceptible to the OpenSSL vulnerability where attackers can impersonate cryptographically protected websites, e-mail servers, and virtual private networks?
- Cumulus Linux 1.5.0 and later
No. Cumulus Linux (any version up to the currently released 2.5.3) is not susceptible to this vulnerability, because the vulnerability was introduced in versions of OpenSSL later than the one included in Debian Wheezy, on which Cumulus Linux is based.
Cumulus Linux uses OpenSSL version 1.0.1e, and the affected versions are 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o, which are used in the Debian Unstable and Testing branches.
To verify the version used in Cumulus Linux, run:
cumulus@switch$ openssl version
OpenSSL 1.0.1e 11 Feb 2013