Please update your system - dangerous security flaw

Releases and other announcements
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics.

Please update your system - dangerous security flaw

Postby Husse on Wed May 14, 2008 12:52 pm

A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
Edit//
Clem pointed out that to increase stability you may want to only select the SSL/SSH related updates
(Clear all and then select)
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Linux Mint is funded by ads and donations.
 

Re: Please update your system - dangerous security flaw

Postby GrayWizardLinux on Wed May 14, 2008 3:03 pm

Thanks for the heads up Husse!
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Please update your system - dangerous security flaw

Postby Lantesh on Wed May 14, 2008 4:44 pm

I appreciate the heads up, but I'm already good to go. 8)
Lantesh
Level 6
Level 6
 
Posts: 1219
Joined: Sat Apr 12, 2008 1:02 pm

Re: Please update your system - dangerous security flaw

Postby hippy on Wed May 14, 2008 5:39 pm

Thanks for the info Husse
hippy

"To touch the earth is to have harmony with nature." Oglala Sioux
User avatar
hippy
Level 3
Level 3
 
Posts: 107
Joined: Wed Feb 14, 2007 9:00 pm
Location: near the hills (malvern uk)

Re: Please update your system - dangerous security flaw

Postby miket on Wed May 14, 2008 5:51 pm

Hi Husse !

Husse wrote:A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure


Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?

Mike.
User avatar
miket
Level 5
Level 5
 
Posts: 524
Joined: Tue Mar 04, 2008 5:50 am
Location: UK & France

Re: Please update your system - dangerous security flaw

Postby Zwopper on Wed May 14, 2008 5:57 pm

My Daryna found the updates!
Try
Code: Select all
apt update

and then refresh mintUpdate again.
Image
My artwork at deviantART | My Tweet
CREA DIEM!
Lenovo E320 | 8GB | 512GB Samsung 840 PRO - SSD | Ubuntu 13.10
User avatar
Zwopper
Level 10
Level 10
 
Posts: 3101
Joined: Fri Nov 30, 2007 12:20 pm
Location: Deep in the Swedish woods

Re: Please update your system - dangerous security flaw

Postby kenetics on Wed May 14, 2008 5:59 pm

Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?


Same here, and I'm using Elyssa beta as well as Xfce beta.
Image
User avatar
kenetics
Level 5
Level 5
 
Posts: 610
Joined: Thu Dec 14, 2006 9:57 pm
Location: Somewhere on a Florida beach

Re: Please update your system - dangerous security flaw

Postby GrayWizardLinux on Wed May 14, 2008 6:04 pm

Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Please update your system - dangerous security flaw

Postby Husse on Wed May 14, 2008 6:09 pm

It is a bit of a mystery why updates don't always show up
Should have included this
Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8 * Debian 4.0 (etch) (see corresponding Debian security advisory)
and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate.
All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied.

This is from
http://www.ubuntu.com/usn/usn-612-1
Have been used to create an OpenSSH key or X.509 (SSL) certificate.
I don't know the handshaking procedure when you for instance connect to your bank to know if the client produces a key, but we got the updates fast....
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Please update your system - dangerous security flaw

Postby kenetics on Wed May 14, 2008 6:12 pm

GrayWizardLinux wrote:Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!

OK, that worked. Thanks!
Image
User avatar
kenetics
Level 5
Level 5
 
Posts: 610
Joined: Thu Dec 14, 2006 9:57 pm
Location: Somewhere on a Florida beach

Re: Please update your system - dangerous security flaw

Postby GrayWizardLinux on Wed May 14, 2008 6:14 pm

Husse - after the install I had the ball spinning - had to force quit and reboot and still had issues and tried to check for updates. but problems - then it checked and all was fine. this morning the website was down and the website was stalling when i was doing this so that could have been a problem. the site had issues 2x today for your info. I did check the updates and it said system was in order.
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Please update your system - dangerous security flaw

Postby Husse on Wed May 14, 2008 6:31 pm

. the site had issues 2x today for your info

I know
Got this from Clem
t was due to a library update on the server. Since we're using Gentoo we had to recompile Apache :)

Michael fixed the problem quite fast and things were up and running again.

Michael is d00p our server admin
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19714
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Please update your system - dangerous security flaw

Postby GrayWizardLinux on Wed May 14, 2008 6:35 pm

I figured you guys new that - just posting info though! Thank you Husse!
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Please update your system - dangerous security flaw

Postby Guest on Wed May 14, 2008 7:49 pm

Thanks for the heads up!

I only install levels 1 & 2 automatically. Is libssl0.9.8 the only one I need to update (it's listed as a level 3)?
Guest
 

Re: Please update your system - dangerous security flaw

Postby GrayWizardLinux on Wed May 14, 2008 7:54 pm

I have been told that 1,2,and 3 are Ok - I have and no issues the last 2 updates since I installed Daryna a couple/few weeks ago.

Kenetics - Glad it worked!
(you have a cleaner penguin to use on the other forum --- removed a lot of the white from the edge if you want it for your avatar. The last one is the best on a black background)
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Please update your system - dangerous security flaw

Postby msgnomer on Wed May 14, 2008 8:14 pm

Oops, that was me (Guest).

GWL: I used to install 1, 2, & 3 until something got seriously flubbed up and I had to do a clean install. Now I'm hesitant. Heh.

Gen pop: Do I need to upgrade ssl-cert also?
Jess
msgnomer
Level 2
Level 2
 
Posts: 59
Joined: Sun Jul 15, 2007 3:22 pm
Location: NY, USA

Re: Please update your system - dangerous security flaw

Postby GrayWizardLinux on Wed May 14, 2008 8:35 pm

yes - that was the major security issue from what I understand.


I believe with Celena I did 1 and 2 but Clem and others seem to say that 1, 2, and 3 are safe and tested as such. Maybe tested wasn't the right word.

in the linux mint daryna guide 3 is Ok but not as safe as 1 and 2 but recommended I guess.


p.s. I added level 3 before and never had issues but I went into preferences myself and decided to use 1 and 2 only - so whatever level 3 occurred in the past and earlier today is done and that is the wasy it goes I guess. 1, 2, and 3 are on by default...so they must think that they are generally safe. level 1 and 2 are tested.
Linux Mint - Pure Bliss!
User avatar
GrayWizardLinux
Level 6
Level 6
 
Posts: 1240
Joined: Wed Sep 12, 2007 5:47 pm
Location: Anywhere I Am!

Re: Please update your system - dangerous security flaw

Postby miket on Thu May 15, 2008 3:38 am

Hi Zwopper !

Zwopper wrote:My Daryna found the updates!
Try
Code: Select all
apt update

and then refresh mintUpdate again.


Yes I normally do all my updates that way, but Husse says not to use apt on the CLI as you could get kernel updates which would
stop Mint form working correctly, thus I tried the way that Husse recommended, MintUpdate ONLY, which as per my previous experience
didn't work !

Clicking refresh makes no difference either !
According to mint Update there are no updates to be had :)

I'll now go back to my normal way of doing things, from the CLI !

Mike.
User avatar
miket
Level 5
Level 5
 
Posts: 524
Joined: Tue Mar 04, 2008 5:50 am
Location: UK & France

Re: Please update your system - dangerous security flaw

Postby miket on Thu May 15, 2008 3:46 am

Hi Again !

Ok, MintUpdate says there is nothing new to install ....

apt-get update && apt-get upgrade shows the following :

Code: Select all
apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages have been kept back:
  openssh-client openssh-server ssl-cert
The following packages will be upgraded:
  amarok amarok-xine apt apt-utils avahi-autoipd avahi-daemon ca-certificates cupsys cupsys-bsd cupsys-client cupsys-common
  flashplugin-nonfree ghostscript ghostscript-x gs-common gs-esp gstreamer0.10-esd gstreamer0.10-plugins-good kdelibs-data
  kdelibs4c2a koffice-data koffice-libs krita krita-data libavahi-client3 libavahi-common-data libavahi-common3
  libavahi-compat-libdnssd1 libavahi-core5 libavahi-glib1 libavahi-qt3-1 libavcodec1d libavutil1d libcupsimage2 libcupsys2
  libgs8 libhsqldb-java libpoppler-glib2 libpoppler-qt2 libpoppler2 libpostproc1d libspeex1 libssl0.9.8 mozilla-thunderbird
  mplayer network-manager-gnome openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common
  openoffice.org-core openoffice.org-draw openoffice.org-filter-mobiledev openoffice.org-gtk openoffice.org-impress
  openoffice.org-java-common openoffice.org-math openoffice.org-style-human openoffice.org-writer openssl poppler-utils
  python-uno rsync ssh-askpass-gnome thunderbird ttf-opensymbol
66 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 175MB of archives.
After unpacking 373kB of additional disk space will be used.
Do you want to continue [Y/n]?


@Husse - This is why I have always used apt rather than MintUpdate Husse, it just doesn't seem to work under Daryna ??

I'm not sure why the SSL packages have been kept back though ???
I'll investigate further ....

EDIT1: I had to use the --force-yes option with apt to get the openssh-client openssh-server ssl-cert packages to install, not sure why though ??
But all is well again now !
I think MintUpdate still needs looking at :)

EDIT2: Interesting to note that the Ubuntu 7.1 Update Manager found and installed the SSL security updates without any problems at all !

Mike.
User avatar
miket
Level 5
Level 5
 
Posts: 524
Joined: Tue Mar 04, 2008 5:50 am
Location: UK & France

Re: Please update your system - dangerous security flaw

Postby newW2 on Thu May 15, 2008 9:19 am

I had to refresh mintUpdate in Daryna twice to see this update; Elyssa had no problem it was there waiting for me to update.
User avatar
newW2
Level 6
Level 6
 
Posts: 1081
Joined: Fri Apr 06, 2007 10:24 am
Location: USA

Linux Mint is funded by ads and donations.
 
Next

Return to Releases & Announcements

Who is online

Users browsing this forum: No registered users and 7 guests