OpenSSL patch for heartbleed

Questions about applications and software
Forum rules
Before you post please read this

Re: OpenSSL patch for heartbleed

Postby DrHu on Sat Apr 12, 2014 2:28 pm

The bigger problem will be any websites that haven't patched their ssl connection softwared..
--they should be indicating that they have applied a fix; at which point the connecting user can change their password, if it is a subscriber based site or an email supplier, google etc..
User avatar
DrHu
Level 16
Level 16
 
Posts: 6900
Joined: Wed Jun 17, 2009 8:20 pm

Linux Mint is funded by ads and donations.
 

Re: OpenSSL patch for heartbleed

Postby myrkat on Sat Apr 12, 2014 3:59 pm

py-thon wrote:@myrkat
So you should check in synaptic to get the exact version which openssl version -a obviously doesn't (it shows the build date but not the complete version name).
Depending on the Mint version it should show
1.0.1e-3ubuntu1.2 (on Mint 16, which you are talking about)
1.0.1-4ubuntu5.12 (on Mint 13)
1.0.1g-2 (on LMDE, which this thread is about)

I did, and I do have the 1.0.1e-3ubuntu1.2 - thank you for the clarification. I figured the LMDE solution would be similar for Mint 16 - and to an effect it was... the upgrade and dist-upgrade backported (though that was not clear until eanfrid pointed me to his other replies in different threads. I weaved together a solution and am updated on my machine and my two kids' Mint 16 boxes (whole family is networked and solid linux).
Main Comp: i7-4770K @ 3.5GHz + nVidia 760GTX + 16GB RAM + SSD + HDD
Linux Mint 17 - KDE
SteamOS Beta
Windows 8.1 Pro x64 (only for Xara)
User avatar
myrkat
Level 1
Level 1
 
Posts: 35
Joined: Sun Feb 02, 2014 7:10 pm

Re:

Postby nathanjh13 on Sat Apr 12, 2014 4:05 pm

Lingula wrote:It's a relatively low risk security hole for the average user a desktop-oriented OS.
Hackers are unlikely to take the time to retrieve tiny chunks of data repeatedly from a boring target with no potential for financial gain.


I appreciate that no problem. I'm not suggesting for a minute they're interested in me, but some boring targets may indeed have potential for financial gain. I think it's foolish to second guess what hackers may and may not do but that's just me. I wasn't too worried hence I put "I'm planning on updating to Mint 17 end of May anyway". This was something I started to remedy, had a problem and thought, I may as well try to fix it.

Besides, every important site I use came up good in this [url]filippo.io/Heartbleed/[/url] except hotmail.com (which wasn't affected anyway (I found out later)) so I relaxed.

@eanfrid thanks for the links, very good. I of course also used the search but ended up here. [ I think the title "OpenSSL patch for heartbleed" threw me :) ]

This particular link from the other thread was very helpful [url]http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
[/url]
Many thank to all :D
nathanjh13
Level 3
Level 3
 
Posts: 157
Joined: Mon Mar 22, 2010 2:48 pm

Re: OpenSSL patch for heartbleed

Postby nathanjh13 on Sat Apr 12, 2014 4:36 pm

Also I have, to admit ignorance, I misunderstood the meaning of "long term release".

I thought LM14, LM 15 and LM16 were maintained until along with LM13 and they all ended when support for LM13 finished. I didn't realise they only had 9 months after each release. My bad.

I suspect other users may not be aware of this and that their packages are very out of date (even though they're technically up to date for that release).

Code: Select all
sudo openssl version -a


If "built on" is on or after April 7 2014, you’re in the clear."

From:
http://www.digitaltrends.com/computing/how-to-update-ubuntu-plug-heartbleed-openssl-flaw/
nathanjh13
Level 3
Level 3
 
Posts: 157
Joined: Mon Mar 22, 2010 2:48 pm

Re: OpenSSL patch for heartbleed

Postby chuckatpdo on Mon Apr 14, 2014 12:50 pm

FWIW...

(On Mint 15/386)

I performed:

wget http://packages.linuxmint.com/pool/upst ... 2_i386.deb
and
sudo dpkg -i openssl_1.0.1g-2_i386.deb

to effect the update.
chuckatpdo
Level 1
Level 1
 
Posts: 1
Joined: Mon Apr 14, 2014 12:40 pm

Re: OpenSSL patch for heartbleed

Postby kwisher on Tue Apr 15, 2014 2:32 pm

killer de bug wrote:
py-thon wrote:This has nothing to do with being based on Ubuntu or Debian directly.


I know exactly how dist-upgrade and upgrade work, thank you.

I repeat :
- Rolling distro : dist-upgrade or you will break everything sooner or later (LMDE case)
- Frozen snapshot, no big upgrade in soft, only security fix and minor revision, so upgrade.

FYI: I've used dist-upgrade on ubuntu/mint for years and have NEVER broke anything.
The instructions suggested Windows XP or better, so I installed Linux :)
User avatar
kwisher
Level 5
Level 5
 
Posts: 636
Joined: Wed Mar 05, 2008 12:54 pm
Location: Greentown, Indiana USA

Re: OpenSSL patch for heartbleed

Postby py-thon on Tue Apr 15, 2014 5:31 pm

chuckatpdo wrote:(On Mint 15/386)
This version is no longer supported and thus might (I haven't checked) have other security issues apart from heartbleed.
Tower: Sparky 64 bit Mate+mintmenu - Netbook: LMDE Mate 32bit
py-thon
Level 4
Level 4
 
Posts: 264
Joined: Fri Sep 27, 2013 2:24 pm
Location: Paraguay

Linux Mint is funded by ads and donations.
 
Previous

Return to Software & Applications

Who is online

Users browsing this forum: lake_wrangler and 3 guests