Linux Mint Forums

[Husse]

A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
Edit//
Clem pointed out that to increase stability you may want to only select the SSL/SSH related updates
(Clear all and then select)

[GrayWizardLinux]

Thanks for the heads up Husse!

[Lantesh]

I appreciate the heads up, but I'm already good to go.

[hippy]

Thanks for the info Husse

[miket]

Hi Husse !

A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure

Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?

Mike.

[Zwopper]

My Daryna found the updates!
Try

Code: Select all

apt update

and then refresh mintUpdate again.

[kenetics]

Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?

Same here, and I'm using Elyssa beta as well as Xfce beta.

[GrayWizardLinux]

Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!

[Husse]

It is a bit of a mystery why updates don't always show up
Should have included this

Systems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8 * Debian 4.0 (etch) (see corresponding Debian security advisory)
and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate.
All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied.

This is from
http://www.ubuntu.com/usn/usn-612-1
Have been used to create an OpenSSH key or X.509 (SSL) certificate.
I don't know the handshaking procedure when you for instance connect to your bank to know if the client produces a key, but we got the updates fast....

[kenetics]

Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!

OK, that worked. Thanks!

[GrayWizardLinux]

Husse - after the install I had the ball spinning - had to force quit and reboot and still had issues and tried to check for updates. but problems - then it checked and all was fine. this morning the website was down and the website was stalling when i was doing this so that could have been a problem. the site had issues 2x today for your info. I did check the updates and it said system was in order.

[Husse]

. the site had issues 2x today for your info

I know
Got this from Clem

t was due to a library update on the server. Since we're using Gentoo we had to recompile Apache

Michael fixed the problem quite fast and things were up and running again.

Michael is d00p our server admin

[GrayWizardLinux]

I figured you guys new that - just posting info though! Thank you Husse!

[Guest]

Thanks for the heads up!

I only install levels 1 & 2 automatically. Is libssl0.9.8 the only one I need to update (it's listed as a level 3)?

[GrayWizardLinux]

I have been told that 1,2,and 3 are Ok - I have and no issues the last 2 updates since I installed Daryna a couple/few weeks ago.

Kenetics - Glad it worked!
(you have a cleaner penguin to use on the other forum --- removed a lot of the white from the edge if you want it for your avatar. The last one is the best on a black background)

[msgnomer]

Oops, that was me (Guest).

GWL: I used to install 1, 2, & 3 until something got seriously flubbed up and I had to do a clean install. Now I'm hesitant. Heh.

Gen pop: Do I need to upgrade ssl-cert also?

[GrayWizardLinux]

yes - that was the major security issue from what I understand.


I believe with Celena I did 1 and 2 but Clem and others seem to say that 1, 2, and 3 are safe and tested as such. Maybe tested wasn't the right word.

in the linux mint daryna guide 3 is Ok but not as safe as 1 and 2 but recommended I guess.


p.s. I added level 3 before and never had issues but I went into preferences myself and decided to use 1 and 2 only - so whatever level 3 occurred in the past and earlier today is done and that is the wasy it goes I guess. 1, 2, and 3 are on by default...so they must think that they are generally safe. level 1 and 2 are tested.

[miket]

Hi Zwopper !

My Daryna found the updates!
Try

Code: Select all

apt update

and then refresh mintUpdate again.

Yes I normally do all my updates that way, but Husse says not to use apt on the CLI as you could get kernel updates which would
stop Mint form working correctly, thus I tried the way that Husse recommended, MintUpdate ONLY, which as per my previous experience
didn't work !

Clicking refresh makes no difference either !
According to mint Update there are no updates to be had

I'll now go back to my normal way of doing things, from the CLI !

Mike.

[miket]

Hi Again !

Ok, MintUpdate says there is nothing new to install ....

apt-get update && apt-get upgrade shows the following :

Code: Select all

apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages have been kept back:
  openssh-client openssh-server ssl-cert
The following packages will be upgraded:
  amarok amarok-xine apt apt-utils avahi-autoipd avahi-daemon ca-certificates cupsys cupsys-bsd cupsys-client cupsys-common
  flashplugin-nonfree ghostscript ghostscript-x gs-common gs-esp gstreamer0.10-esd gstreamer0.10-plugins-good kdelibs-data
  kdelibs4c2a koffice-data koffice-libs krita krita-data libavahi-client3 libavahi-common-data libavahi-common3
  libavahi-compat-libdnssd1 libavahi-core5 libavahi-glib1 libavahi-qt3-1 libavcodec1d libavutil1d libcupsimage2 libcupsys2
  libgs8 libhsqldb-java libpoppler-glib2 libpoppler-qt2 libpoppler2 libpostproc1d libspeex1 libssl0.9.8 mozilla-thunderbird
  mplayer network-manager-gnome openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common
  openoffice.org-core openoffice.org-draw openoffice.org-filter-mobiledev openoffice.org-gtk openoffice.org-impress
  openoffice.org-java-common openoffice.org-math openoffice.org-style-human openoffice.org-writer openssl poppler-utils
  python-uno rsync ssh-askpass-gnome thunderbird ttf-opensymbol
66 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 175MB of archives.
After unpacking 373kB of additional disk space will be used.
Do you want to continue [Y/n]?


@Husse - This is why I have always used apt rather than MintUpdate Husse, it just doesn't seem to work under Daryna ??

I'm not sure why the SSL packages have been kept back though ???
I'll investigate further ....

EDIT1: I had to use the --force-yes option with apt to get the openssh-client openssh-server ssl-cert packages to install, not sure why though ??
But all is well again now !
I think MintUpdate still needs looking at

EDIT2: Interesting to note that the Ubuntu 7.1 Update Manager found and installed the SSL security updates without any problems at all !

Mike.

[newW2]

I had to refresh mintUpdate in Daryna twice to see this update; Elyssa had no problem it was there waiting for me to update.