OpenSSL patch for heartbleed
Forum rules
LMDE 2 has reached end of support as of 1-1-2019
LMDE 2 has reached end of support as of 1-1-2019
OpenSSL patch for heartbleed
Hello,
I searched the forums for any mention for open SSl patch for heartbleed. However i only came across the info for LM main. I was wondering what the situation for LMDE is. I ran a check for the version number and it is old one built on nov 2013. I also checked updates and there was nothing there too. When can LMDE users expect the patched version? I hope this wont remain unpatched till the next UP . IM currently on UP8
Thanks in advance
SliperySam
I searched the forums for any mention for open SSl patch for heartbleed. However i only came across the info for LM main. I was wondering what the situation for LMDE is. I ran a check for the version number and it is old one built on nov 2013. I also checked updates and there was nothing there too. When can LMDE users expect the patched version? I hope this wont remain unpatched till the next UP . IM currently on UP8
Thanks in advance
SliperySam
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: OpenSSL patch for heartbleed
The patch is in Romeo and will be in available for all today.
Re: OpenSSL patch for heartbleed
I confirmed that an update package of OpenSSL was reflected by debian.linuxmint.com.
The mirror site may be delayed a little more.
In LMDE, OpenSSL is updated in the most recent version (1.0.1g):
The mirror site may be delayed a little more.
In LMDE, OpenSSL is updated in the most recent version (1.0.1g):
Code: Select all
$ openssl version
OpenSSL 1.0.1g 7 Apr 2014
$ openssl version -b
built on: Mon Apr 7 21:30:49 UTC 2014
Re: OpenSSL patch for heartbleed
Wrong. Most recent version in Debian Testing is 1.0.1-g2, an update considered "urgency=emergency" by http://metadata.ftp-master.debian.org/c ... _changelog .fu-sen wrote:In LMDE, OpenSSL is updated in the most recent version (1.0.1g):
-
- Level 3
- Posts: 181
- Joined: Mon Mar 22, 2010 2:48 pm
Re: OpenSSL patch for heartbleed
Hiya. I'm using Mint 14 Mate and I've tried:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get upgrade openssl
but I'm still showing a 2012 openssl version.
There's a walkthrough on youtube but I have no "official package repositories list" in the sources.list.d folder. There's a few files for a Libreoffice test, two called local-repositary, a couple from Firefox nightly, and another 6 with Quantal in the title.
Thanks for any help.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get upgrade openssl
but I'm still showing a 2012 openssl version.
There's a walkthrough on youtube but I have no "official package repositories list" in the sources.list.d folder. There's a few files for a Libreoffice test, two called local-repositary, a couple from Firefox nightly, and another 6 with Quantal in the title.
Thanks for any help.
Re: OpenSSL patch for heartbleed
Don't know whether it helps in this case but in general you should update with or use mintupdate.
What version of openssl is installed? 0.9.8 is not affected by heartbleed. 1.x should be updated.
Code: Select all
sudo apt-get update && sudo apt-get dist-upgrade
What version of openssl is installed? 0.9.8 is not affected by heartbleed. 1.x should be updated.
Re: OpenSSL patch for heartbleed
No! He uses Linux Mint 14 based on Ubuntu. Frozen Snapshot. So no dist-upgrade for him, upgrade should be fine and safer.py-thon wrote:Don't know whether it helps in this case but in general you should update withCode: Select all
sudo apt-get update && sudo apt-get dist-upgrade
Last edited by killer de bug on Thu Apr 10, 2014 11:58 am, edited 1 time in total.
Re: OpenSSL patch for heartbleed
This has nothing to do with being based on Ubuntu or Debian directly.
Upgrade does not install necessary dependencies, dist-upgrade does. Therefore using upgrade can mean that packages are not upgraded because of conflicts arising from dependencies (of the package you are trying to upgrade or other installed packages). dist-upgrade tries to solve the dependencies. dist-upgrade does not mean distribution upgrade.
See for example http://askubuntu.com/questions/215267/w ... er-version or the correspondent manpages.
Upgrade does not install necessary dependencies, dist-upgrade does. Therefore using upgrade can mean that packages are not upgraded because of conflicts arising from dependencies (of the package you are trying to upgrade or other installed packages). dist-upgrade tries to solve the dependencies. dist-upgrade does not mean distribution upgrade.
See for example http://askubuntu.com/questions/215267/w ... er-version or the correspondent manpages.
Re: OpenSSL patch for heartbleed
I know exactly how dist-upgrade and upgrade work, thank you.py-thon wrote:This has nothing to do with being based on Ubuntu or Debian directly.
I repeat :
- Rolling distro : dist-upgrade or you will break everything sooner or later (LMDE case)
- Frozen snapshot, no big upgrade in soft, only security fix and minor revision, so upgrade.
-
- Level 3
- Posts: 181
- Joined: Mon Mar 22, 2010 2:48 pm
Re: OpenSSL patch for heartbleed
Thanks, it's version
OpenSSL 1.0.1c 10 May 2012
MintUpdate insists I'm up to date.
I enabled the unstable (Romeo) packages too and did an update (ignoring level 3 and level 4) and I also ran
sudo apt-get upgrade
anyway, but it's still the same version
Thanks again for any help.
OpenSSL 1.0.1c 10 May 2012
MintUpdate insists I'm up to date.
I enabled the unstable (Romeo) packages too and did an update (ignoring level 3 and level 4) and I also ran
sudo apt-get upgrade
anyway, but it's still the same version
Thanks again for any help.
Re: OpenSSL patch for heartbleed
The fix was marked level 3 I think. So if you ignore it you can't have it...
-
- Level 3
- Posts: 181
- Joined: Mon Mar 22, 2010 2:48 pm
Re: OpenSSL patch for heartbleed
Thanks, I tried it with all levels enabled but no luck at all. It must be in a repo that I don't have enabled.
I'm planning on updating to Mint 17 end of May anyway.
I tried most of the url's I was worried about in here and I got lucky at least with that it seems.
http://filippo.io/Heartbleed/
Level 3 seems rather lowly for something attracting so much heat?
No to worry, thanks again.
I'm planning on updating to Mint 17 end of May anyway.
I tried most of the url's I was worried about in here and I got lucky at least with that it seems.
http://filippo.io/Heartbleed/
Level 3 seems rather lowly for something attracting so much heat?
No to worry, thanks again.
Re: OpenSSL patch for heartbleed
Levels in update manager are not related to the importance or to the criticality of the bug... It's only related to the probability that applying this upgrade will break your system or not...nathanjh13 wrote: Level 3 seems rather lowly for something attracting so much heat?
It's a relatively low risk security hole for the average user a desktop-oriented OS.
Hackers are unlikely to take the time to retrieve tiny chunks of data repeatedly from a boring target with no potential for financial gain.
It's a bigger concern for people hosting web servers and VPNs with saleable content, like Canada Revenue Agency during tax time!
Hackers are unlikely to take the time to retrieve tiny chunks of data repeatedly from a boring target with no potential for financial gain.
It's a bigger concern for people hosting web servers and VPNs with saleable content, like Canada Revenue Agency during tax time!
Re: OpenSSL patch for heartbleed
I have a similar problem with my Mint 16, I have OpenSSL 1.0.1e 11 Feb 2013 and selected to display all 5 levels in MintUpdate (checked that all were visible); I even checked the "Unstable packages (romeo)" under the Software Sources / Official repositories. Updated/refreshed, and I do not see any update for OpenSSL.nathanjh13 wrote:Thanks, it's version
OpenSSL 1.0.1c 10 May 2012
MintUpdate insists I'm up to date.
I enabled the unstable (Romeo) packages too and did an update (ignoring level 3 and level 4) and I also ran
sudo apt-get upgrade
anyway, but it's still the same version
Thanks again for any help.
I manually did a sudo apt-get update && sudo apt-get dist-upgrade as well as a sudo apt-get upgrade and I'm still seeing OpenSSL 1.0.1e
Hell, I did sudo apt-get upgrade openssl and got
Code: Select all
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
gir1.2-gtksource-3.0 gjs gnome-font-viewer gnome-settings-daemon libgtkmm-3.0-1 libgtksourceview-3.0-1
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Main Comp: i7-4770K @ 3.5GHz + nVidia 760GTX + 16GB RAM + SSD + HDD²
Linux Mint 17.2 - KDE 4.14.2 - kernel 3.16.0-38-generic
Join me and become a Linux Mint Community Sponsor and share some love! (for as little as USD$20 a month)
Linux Mint 17.2 - KDE 4.14.2 - kernel 3.16.0-38-generic
Join me and become a Linux Mint Community Sponsor and share some love! (for as little as USD$20 a month)
Re: OpenSSL patch for heartbleed
Please use the search engine before asking a question which has already been answered many times:
http://forums.linuxmint.com/viewtopic.p ... 57#p846368
http://forums.linuxmint.com/viewtopic.p ... 69#p845069
http://forums.linuxmint.com/viewtopic.p ... 57#p846368
http://forums.linuxmint.com/viewtopic.p ... 69#p845069
Re: OpenSSL patch for heartbleed
I did use a search engine - that is what brought me to this ALREADY ESTABLISHED thread. Maybe you missed it, but I did not start a new thread on the topic.eanfrid wrote:Please use the search engine before asking a question which has already been answered many times:
http://forums.linuxmint.com/viewtopic.p ... 57#p846368
http://forums.linuxmint.com/viewtopic.p ... 69#p845069
Also, just because information and announcements are next to nothing for Linux Mint users, do not be upset with me because I did not find your replies. That seems a bit arrogant or snobby. That said, thank you for pointing me to your information. Backporting is what I suspected with the April 7 build date, but was not sure.
Main Comp: i7-4770K @ 3.5GHz + nVidia 760GTX + 16GB RAM + SSD + HDD²
Linux Mint 17.2 - KDE 4.14.2 - kernel 3.16.0-38-generic
Join me and become a Linux Mint Community Sponsor and share some love! (for as little as USD$20 a month)
Linux Mint 17.2 - KDE 4.14.2 - kernel 3.16.0-38-generic
Join me and become a Linux Mint Community Sponsor and share some love! (for as little as USD$20 a month)
Re: OpenSSL patch for heartbleed
@myrkat: I am neither upset nor arrogant But did you notice that this topic is about LMDE, which works differently than the Ubuntu-based main edition ?
Re: OpenSSL patch for heartbleed
@myrkat
So you should check in synaptic to get the exact version which openssl version -a obviously doesn't (it shows the build date but not the complete version name).
Depending on the Mint version it should show
1.0.1e-3ubuntu1.2 (on Mint 16, which you are talking about)
1.0.1-4ubuntu5.12 (on Mint 13)
1.0.1g-2 (on LMDE, which this thread is about)
So you should check in synaptic to get the exact version which openssl version -a obviously doesn't (it shows the build date but not the complete version name).
Depending on the Mint version it should show
1.0.1e-3ubuntu1.2 (on Mint 16, which you are talking about)
1.0.1-4ubuntu5.12 (on Mint 13)
1.0.1g-2 (on LMDE, which this thread is about)