Please update your system - dangerous security flaw


Post by Husse »

A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
Edit//
Clem pointed out that to increase stability you may want to only select the SSL/SSH related updates
(Clear all and then select)

Re: Please update your system - dangerous security flaw

Post by GrayWizardLinux »

Thanks for the heads up Husse!
Linux Mint - Pure Bliss!
Lantesh

Re: Please update your system - dangerous security flaw

Post by Lantesh »

I appreciate the heads up, but I'm already good to go. 8)

Re: Please update your system - dangerous security flaw

Post by hippy »

Thanks for the info Husse
hippy

"To touch the earth is to have harmony with nature." Oglala Sioux
miket

Re: Please update your system - dangerous security flaw

Post by miket »

Hi Husse !
Husse wrote:A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?

Mike.

Re: Please update your system - dangerous security flaw

Post by Zwopper »

My Daryna found the updates!
Try

    apt update

and then refresh mintUpdate again.
My artwork at deviantART | My Band - Electric Alchemea
CREA DIEM!

Lenovo U330P | i5 | 16GB | 128GB - SSD | Elemantary OS 0.4

Re: Please update your system - dangerous security flaw

Post by kenetics »

Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?
Same here, and I'm using Elyssa beta as well as Xfce beta.
Using Mint as primary OS since 2006.

Re: Please update your system - dangerous security flaw

Post by GrayWizardLinux »

Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!
Linux Mint - Pure Bliss!
Husse

Re: Please update your system - dangerous security flaw

Post by Husse »

It is a bit of a mystery why updates don't always show up
Should have included this
Systems which are running any of the following releases:
* Ubuntu 7.04 (Feisty)
* Ubuntu 7.10 (Gutsy)
* Ubuntu 8.04 LTS (Hardy)
* Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8
* Debian 4.0 (etch) (see corresponding Debian security advisory)
and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate.
All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied.
This is from
http://www.ubuntu.com/usn/usn-612-1
Have been used to create an OpenSSH key or X.509 (SSL) certificate.
I don't know the handshaking procedure when you for instance connect to your bank to know if the client produces a key, but we got the updates fast....

Re: Please update your system - dangerous security flaw

Post by kenetics »

GrayWizardLinux wrote:Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!
OK, that worked. Thanks!
Using Mint as primary OS since 2006.

Re: Please update your system - dangerous security flaw

Post by GrayWizardLinux »

Husse - after the install I had the ball spinning - had to force quit and reboot and still had issues and tried to check for updates. but problems - then it checked and all was fine. this morning the website was down and the website was stalling when i was doing this so that could have been a problem. the site had issues 2x today for your info. I did check the updates and it said system was in order.
Linux Mint - Pure Bliss!
Husse

Re: Please update your system - dangerous security flaw

Post by Husse »

. the site had issues 2x today for your info
I know
Got this from Clem
It was due to a library update on the server. Since we're using Gentoo we had to recompile Apache :)

Michael fixed the problem quite fast and things were up and running again.
Michael is d00p our server admin

Re: Please update your system - dangerous security flaw

Post by GrayWizardLinux »

I figured you guys knew that - just posting info though! Thank you Husse!
Linux Mint - Pure Bliss!
Guest

Re: Please update your system - dangerous security flaw

Post by Guest »

Thanks for the heads up!

I only install levels 1 & 2 automatically. Is libssl0.9.8 the only one I need to update (it's listed as a level 3)?

Re: Please update your system - dangerous security flaw

Post by GrayWizardLinux »

I have been told that 1,2,and 3 are Ok - I have and no issues the last 2 updates since I installed Daryna a couple/few weeks ago.

Kenetics - Glad it worked!
(you have a cleaner penguin to use on the other forum --- removed a lot of the white from the edge if you want it for your avatar. The last one is the best on a black background)
Linux Mint - Pure Bliss!

Re: Please update your system - dangerous security flaw

Post by GrayWizardLinux »

yes - that was the major security issue from what I understand.


I believe with Celena I did 1 and 2 but Clem and others seem to say that 1, 2, and 3 are safe and tested as such. Maybe tested wasn't the right word.

in the linux mint daryna guide 3 is Ok but not as safe as 1 and 2 but recommended I guess.


p.s. I added level 3 before and never had issues but I went into preferences myself and decided to use 1 and 2 only - so whatever level 3 occurred in the past and earlier today is done and that is the way it goes I guess. 1, 2, and 3 are on by default...so they must think that they are generally safe. level 1 and 2 are tested.
Linux Mint - Pure Bliss!
miket

Re: Please update your system - dangerous security flaw

Post by miket »

Hi Zwopper !
Zwopper wrote:My Daryna found the updates!
Try

    apt update

and then refresh mintUpdate again.
Yes I normally do all my updates that way, but Husse says not to use apt on the CLI as you could get kernel updates which would
stop Mint from working correctly, thus I tried the way that Husse recommended, MintUpdate ONLY, which as per my previous experience
didn't work !

Clicking refresh makes no difference either !
According to mint Update there are no updates to be had :)

I'll now go back to my normal way of doing things, from the CLI !

Mike.
miket

Re: Please update your system - dangerous security flaw

Post by miket »

Hi Again !

Ok, MintUpdate says there is nothing new to install ....

apt-get update && apt-get upgrade shows the following :

    apt-get upgrade
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    The following packages have been kept back:
      openssh-client openssh-server ssl-cert
    The following packages will be upgraded:
      amarok amarok-xine apt apt-utils avahi-autoipd avahi-daemon ca-certificates cupsys cupsys-bsd cupsys-client cupsys-common
      flashplugin-nonfree ghostscript ghostscript-x gs-common gs-esp gstreamer0.10-esd gstreamer0.10-plugins-good kdelibs-data
      kdelibs4c2a koffice-data koffice-libs krita krita-data libavahi-client3 libavahi-common-data libavahi-common3
      libavahi-compat-libdnssd1 libavahi-core5 libavahi-glib1 libavahi-qt3-1 libavcodec1d libavutil1d libcupsimage2 libcupsys2
      libgs8 libhsqldb-java libpoppler-glib2 libpoppler-qt2 libpoppler2 libpostproc1d libspeex1 libssl0.9.8 mozilla-thunderbird
      mplayer network-manager-gnome openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common
      openoffice.org-core openoffice.org-draw openoffice.org-filter-mobiledev openoffice.org-gtk openoffice.org-impress
      openoffice.org-java-common openoffice.org-math openoffice.org-style-human openoffice.org-writer openssl poppler-utils
      python-uno rsync ssh-askpass-gnome thunderbird ttf-opensymbol
    66 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
    Need to get 175MB of archives.
    After unpacking 373kB of additional disk space will be used.
    Do you want to continue [Y/n]?

@Husse - This is why I have always used apt rather than MintUpdate Husse, it just doesn't seem to work under Daryna ??

I'm not sure why the SSL packages have been kept back though ???
I'll investigate further ....

EDIT1: I had to use the --force-yes option with apt to get the openssh-client openssh-server ssl-cert packages to install, not sure why though ??
But all is well again now !
I think MintUpdate still needs looking at :)

EDIT2: Interesting to note that the Ubuntu 7.1 Update Manager found and installed the SSL security updates without any problems at all !

Mike.
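
The apt-get output in the post above lists openssh-client, openssh-server and ssl-cert as kept back, which is easy to miss among 66 upgraded packages. As an added example (not part of the original thread), this script parses `apt-get upgrade` output and reports kept-back packages that are on a watch list; the function names, the watch list and the abridged sample output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report security-relevant packages that `apt-get upgrade`
# kept back. Function names and the WATCH list are illustrative assumptions.

# Packages named in this thread as part of the SSL/SSH fix.
WATCH="openssh-client openssh-server ssl-cert libssl0.9.8 openssl"

# kept_back: read `apt-get upgrade` output on stdin (English locale, e.g.
# LC_ALL=C) and print every kept-back package, one per line.
kept_back() {
    awk '
        /^The following packages have been kept back:/ { in_block = 1; next }
        in_block && /^[ \t]/ { for (i = 1; i <= NF; i++) print $i; next }
        { in_block = 0 }
    '
}

# held_security: print only the kept-back packages that are on WATCH.
held_security() {
    kept_back | while read -r pkg; do
        case " $WATCH " in
            *" $pkg "*) echo "$pkg" ;;
        esac
    done
}

# Constructed sample: abridged from the output quoted in the post above.
sample_output() {
    cat <<'EOF'
Reading package lists... Done
The following packages have been kept back:
  openssh-client openssh-server ssl-cert
The following packages will be upgraded:
  amarok apt ca-certificates libssl0.9.8 openssl rsync
66 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
EOF
}

held=$(sample_output | held_security)
if [ -n "$held" ]; then
    echo "Security packages still held back after upgrade:"
    echo "$held" | sed 's/^/  /'
    echo "Review what they need with: apt-get -s dist-upgrade"
fi
```

On a live system, pipe `LC_ALL=C apt-get -s upgrade` into `held_security`; plain `upgrade` never installs packages that are not already installed, so an update that needs a new dependency stays kept back until `dist-upgrade`. Reviewing the simulated `dist-upgrade` first is a safer route than `--force-yes`, which the apt-get man page itself calls a dangerous option.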

Re: Please update your system - dangerous security flaw

Post by newW2 »

I had to refresh mintUpdate in Daryna twice to see this update; Elyssa had no problem it was there waiting for me to update.
miket

Re: Please update your system - dangerous security flaw

Post by miket »

Hi !
newW2 wrote:I had to refresh mintUpdate in Daryna twice to see this update; Elyssa had no problem it was there waiting for me to update.
I think the worrying thing here is that if I relied solely on Mint-Update I would miss out on a lot of updates for packages which I have installed/use.

At least having apt on the CLI it gives me the ability to check what is going on :)

Mike.