Ubuntu, like most other Linux distros, releases security updates by patching specific issues rather than updating whole versions of software. This is to keep the packages in a stable release as close to their original version as possible to avoid introducing unintended regressions. For more details, see Stable Release Updates.
Sometimes external security vendors doing software version scanning against Ubuntu systems do not check actual package versions, leading to false positives in their scan reports. The particular issue you asked about was fixed in http://www.ubuntu.com/usn/usn-1029-1

** Changed in: openssl (Ubuntu)
   Status: New => Invalid

** Visibility changed to: Public

** This bug is no longer flagged as a security vulnerability

https://bugs.launchpad.net/bugs/879028

Title:
  Update OpenSSL package for 10.04 LTS