[Ubuntu 20.04] Potential vulnerabilities if OpenSSL 1.1.1 is used

[mabuimo]

Hi, I am using the openssl package under Ubuntu 20.04. This means that I've installed the library libssl-dev by executing: apt-get install -y libssl-dev.

The version installed is 1.1.1f-1ubuntu2.22. However, it seems that this version / Open SSL 1.1.1 have some vulnerabilities. Is there a way to use a higher version of OpenSSL as you are proposing under Windows/MacOS? Thanks.

[jeroen]

No, on Linux you need to use the openssl that is provided by your operating system. As long as you use an OS that still has active support (such as ubuntu 20.04) all security vulnerabilities will automatically be fixed by the Ubuntu maintainers, see for example the 1.1.1f-1ubuntu2.22 changelog.

If you want to use a newer openssl you need to update to Ubuntu 22.04 or 24.04.