: OpenSSL Padding Oracle vuln. (CVE-2016-2107)


Firstly apologies for asking this question in Meteor forum.

Followed link to upgrade openSSL.

openssl version is, OpenSSL 1.0.2n 7 Dec 2017

After that tried sudo service nginx restart

apt-cache policy openssl:

Installed: 1.0.2g-1ubuntu4.10
Candidate: 1.0.2g-1ubuntu4.10

sudo apt-get install --only-upgrade libssl1.0.0 openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
libssl1.0.0 is already the newest version (1.0.2g-1ubuntu4.10).
openssl is already the newest version (1.0.2g-1ubuntu4.10).
The following packages were automatically installed and are no longer required:
bridge-utils containerd linux-aws-headers-4.4.0-1048
linux-headers-4.4.0-1048-aws linux-image-4.4.0-1048-aws runc ubuntu-fan
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

lsb_release -a

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.4 LTS
Release:    16.04
Codename:   xenial

Also followed steps from this , no luck.

1. sudo apt-get update
2. sudo apt-get install --only-upgrade libssl1.0.0 openssl
3. sudo vi /etc/apache2/mods-available/ssl.conf
# Edit/Add the following lines in the file
# NOTE: There is a space after SSLCipherSuite NOT a new line

SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On

4. sudo service apache2 restart
nginx -v nginx version: nginx/1.10.3 (Ubuntu)

Still getting ‘F’ in

Thanks in Advance!