Please update your system - dangerous security flaw
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
Please update your system - dangerous security flaw
A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
Edit//
Clem pointed out that to increase stability you may want to only select the SSL/SSH related updates
(Clear all and then select)
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
Edit//
Clem pointed out that to increase stability you may want to only select the SSL/SSH related updates
(Clear all and then select)
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Please update your system - dangerous security flaw
Thanks for the heads up Husse!
Linux Mint - Pure Bliss!
Re: Please update your system - dangerous security flaw
I appreciate the heads up, but I'm already good to go.
Re: Please update your system - dangerous security flaw
Thanks for the info Husse
hippy
"To touch the earth is to have harmony with nature." Oglala Sioux
"To touch the earth is to have harmony with nature." Oglala Sioux
Re: Please update your system - dangerous security flaw
Hi Husse !
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?
Mike.
Is this for Mint 4 or Mint 5 ?Husse wrote:A security flaw has been discovered in SSL
http://news.softpedia.com/news/Weakness ... 5563.shtml
At first I thought this was server side only, but today there are updates to SSL so I urge you to update. This is potentially very dangerous because if SSL does not work things like banking transactions are insecure
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?
Mike.
- Zwopper
- Level 10
- Posts: 3054
- Joined: Fri Nov 30, 2007 12:20 pm
- Location: Deep in the Swedish woods
- Contact:
Re: Please update your system - dangerous security flaw
My Daryna found the updates!
Try
and then refresh mintUpdate again.
Try
Code: Select all
apt update
My artwork at deviantART | My Band - Electric Alchemea
CREA DIEM!
Lenovo U330P | i5 | 16GB | 128GB - SSD | Elemantary OS 0.4
Re: Please update your system - dangerous security flaw
Same here, and I'm using Elyssa beta as well as Xfce beta.Is this for Mint 4 or Mint 5 ?
I just ran Mintupdate on my Daryna machine and there were no updates to be had ?
Using Mint as primary OS since 2006.
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Please update your system - dangerous security flaw
Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!
Linux Mint - Pure Bliss!
Re: Please update your system - dangerous security flaw
It is a bit of a mystery why updates don't always show up
Should have included this
http://www.ubuntu.com/usn/usn-612-1
Have been used to create an OpenSSH key or X.509 (SSL) certificate.
I don't know the handshaking procedure when you for instance connect to your bank to know if the client produces a key, but we got the updates fast....
Should have included this
This is fromSystems which are running any of the following releases: * Ubuntu 7.04 (Feisty) * Ubuntu 7.10 (Gutsy) * Ubuntu 8.04 LTS (Hardy) * Ubuntu "Intrepid Ibex" (development): libssl <= 0.9.8g-8 * Debian 4.0 (etch) (see corresponding Debian security advisory)
and have openssh-server installed or have been used to create an OpenSSH key or X.509 (SSL) certificate.
All OpenSSH and X.509 keys generated on such systems must be considered untrustworthy, regardless of the system on which they are used, even after the update has been applied.
http://www.ubuntu.com/usn/usn-612-1
Have been used to create an OpenSSH key or X.509 (SSL) certificate.
I don't know the handshaking procedure when you for instance connect to your bank to know if the client produces a key, but we got the updates fast....
Re: Please update your system - dangerous security flaw
OK, that worked. Thanks!GrayWizardLinux wrote:Daryna - used mint update - no updates - hit refresh and a bunch of updates appear. Try refreshing, that should help!!!
Using Mint as primary OS since 2006.
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Please update your system - dangerous security flaw
Husse - after the install I had the ball spinning - had to force quit and reboot and still had issues and tried to check for updates. but problems - then it checked and all was fine. this morning the website was down and the website was stalling when i was doing this so that could have been a problem. the site had issues 2x today for your info. I did check the updates and it said system was in order.
Linux Mint - Pure Bliss!
Re: Please update your system - dangerous security flaw
I know. the site had issues 2x today for your info
Got this from Clem
Michael is d00p our server admint was due to a library update on the server. Since we're using Gentoo we had to recompile Apache
Michael fixed the problem quite fast and things were up and running again.
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Please update your system - dangerous security flaw
I figured you guys new that - just posting info though! Thank you Husse!
Linux Mint - Pure Bliss!
Re: Please update your system - dangerous security flaw
Thanks for the heads up!
I only install levels 1 & 2 automatically. Is libssl0.9.8 the only one I need to update (it's listed as a level 3)?
I only install levels 1 & 2 automatically. Is libssl0.9.8 the only one I need to update (it's listed as a level 3)?
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Please update your system - dangerous security flaw
I have been told that 1,2,and 3 are Ok - I have and no issues the last 2 updates since I installed Daryna a couple/few weeks ago.
Kenetics - Glad it worked!
(you have a cleaner penguin to use on the other forum --- removed a lot of the white from the edge if you want it for your avatar. The last one is the best on a black background)
Kenetics - Glad it worked!
(you have a cleaner penguin to use on the other forum --- removed a lot of the white from the edge if you want it for your avatar. The last one is the best on a black background)
Linux Mint - Pure Bliss!
- GrayWizardLinux
- Level 6
- Posts: 1232
- Joined: Wed Sep 12, 2007 5:47 pm
- Location: Anywhere I Am!
Re: Please update your system - dangerous security flaw
yes - that was the major security issue from what I understand.
I believe with Celena I did 1 and 2 but Clem and others seem to say that 1, 2, and 3 are safe and tested as such. Maybe tested wasn't the right word.
in the linux mint daryna guide 3 is Ok but not as safe as 1 and 2 but recommended I guess.
p.s. I added level 3 before and never had issues but I went into preferences myself and decided to use 1 and 2 only - so whatever level 3 occurred in the past and earlier today is done and that is the wasy it goes I guess. 1, 2, and 3 are on by default...so they must think that they are generally safe. level 1 and 2 are tested.
I believe with Celena I did 1 and 2 but Clem and others seem to say that 1, 2, and 3 are safe and tested as such. Maybe tested wasn't the right word.
in the linux mint daryna guide 3 is Ok but not as safe as 1 and 2 but recommended I guess.
p.s. I added level 3 before and never had issues but I went into preferences myself and decided to use 1 and 2 only - so whatever level 3 occurred in the past and earlier today is done and that is the wasy it goes I guess. 1, 2, and 3 are on by default...so they must think that they are generally safe. level 1 and 2 are tested.
Linux Mint - Pure Bliss!
Re: Please update your system - dangerous security flaw
Hi Zwopper !
stop Mint form working correctly, thus I tried the way that Husse recommended, MintUpdate ONLY, which as per my previous experience
didn't work !
Clicking refresh makes no difference either !
According to mint Update there are no updates to be had
I'll now go back to my normal way of doing things, from the CLI !
Mike.
Yes I normally do all my updates that way, but Husse says not to use apt on the CLI as you could get kernel updates which wouldZwopper wrote:My Daryna found the updates!
Tryand then refresh mintUpdate again.Code: Select all
apt update
stop Mint form working correctly, thus I tried the way that Husse recommended, MintUpdate ONLY, which as per my previous experience
didn't work !
Clicking refresh makes no difference either !
According to mint Update there are no updates to be had
I'll now go back to my normal way of doing things, from the CLI !
Mike.
Re: Please update your system - dangerous security flaw
Hi Again !
Ok, MintUpdate says there is nothing new to install ....
apt-get update && apt-get upgrade shows the following :
@Husse - This is why I have always used apt rather than MintUpdate Husse, it just doesn't seem to work under Daryna ??
I'm not sure why the SSL packages have been kept back though ???
I'll investigate further ....
EDIT1: I had to use the --force-yes option with apt to get the openssh-client openssh-server ssl-cert packages to install, not sure why though ??
But all is well again now !
I think MintUpdate still needs looking at
EDIT2: Interesting to note that the Ubuntu 7.1 Update Manager found and installed the SSL security updates without any problems at all !
Mike.
Ok, MintUpdate says there is nothing new to install ....
apt-get update && apt-get upgrade shows the following :
Code: Select all
apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
openssh-client openssh-server ssl-cert
The following packages will be upgraded:
amarok amarok-xine apt apt-utils avahi-autoipd avahi-daemon ca-certificates cupsys cupsys-bsd cupsys-client cupsys-common
flashplugin-nonfree ghostscript ghostscript-x gs-common gs-esp gstreamer0.10-esd gstreamer0.10-plugins-good kdelibs-data
kdelibs4c2a koffice-data koffice-libs krita krita-data libavahi-client3 libavahi-common-data libavahi-common3
libavahi-compat-libdnssd1 libavahi-core5 libavahi-glib1 libavahi-qt3-1 libavcodec1d libavutil1d libcupsimage2 libcupsys2
libgs8 libhsqldb-java libpoppler-glib2 libpoppler-qt2 libpoppler2 libpostproc1d libspeex1 libssl0.9.8 mozilla-thunderbird
mplayer network-manager-gnome openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-common
openoffice.org-core openoffice.org-draw openoffice.org-filter-mobiledev openoffice.org-gtk openoffice.org-impress
openoffice.org-java-common openoffice.org-math openoffice.org-style-human openoffice.org-writer openssl poppler-utils
python-uno rsync ssh-askpass-gnome thunderbird ttf-opensymbol
66 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Need to get 175MB of archives.
After unpacking 373kB of additional disk space will be used.
Do you want to continue [Y/n]?
I'm not sure why the SSL packages have been kept back though ???
I'll investigate further ....
EDIT1: I had to use the --force-yes option with apt to get the openssh-client openssh-server ssl-cert packages to install, not sure why though ??
But all is well again now !
I think MintUpdate still needs looking at
EDIT2: Interesting to note that the Ubuntu 7.1 Update Manager found and installed the SSL security updates without any problems at all !
Mike.
Re: Please update your system - dangerous security flaw
I had to refresh mintUpdate in Daryna twice to see this update; Elyssa had no problem it was there waiting for me to update.
Re: Please update your system - dangerous security flaw
Hi !
At least having apt on the CLI it gives me the ability to check what is going on
Mike.
I think the worrying thing here is that if I relied solely on Mint-Update I would miss out on a lot updates for packages which I have installed/use.newW2 wrote:I had to refresh mintUpdate in Daryna twice to see this update; Elyssa had no problem it was there waiting for me to update.
At least having apt on the CLI it gives me the ability to check what is going on
Mike.