The bigger problem will be any websites that haven't patched their ssl connection software..
--they should be indicating that they have applied a fix; at which point the connecting user can change their password, if it is a subscriber based site or an email supplier, google etc..
OpenSSL patch for heartbleed
Forum rules
LMDE 2 has reached end of support as of 1-1-2019
Re: OpenSSL patch for heartbleed
I did, and I do have the 1.0.1e-3ubuntu1.2 - thank you for the clarification. I figured the LMDE solution would be similar for Mint 16 - and to an effect it was... the upgrade and dist-upgrade backported (though that was not clear until eanfrid pointed me to his other replies in different threads). I weaved together a solution and am updated on my machine and my two kids' Mint 16 boxes (whole family is networked and solid linux).

py-thon wrote:
> @myrkat
> So you should check in synaptic to get the exact version which openssl version -a obviously doesn't (it shows the build date but not the complete version name).
> Depending on the Mint version it should show
> 1.0.1e-3ubuntu1.2 (on Mint 16, which you are talking about)
> 1.0.1-4ubuntu5.12 (on Mint 13)
> 1.0.1g-2 (on LMDE, which this thread is about)
Main Comp: i7-4770K @ 3.5GHz + nVidia 760GTX + 16GB RAM + SSD + HDD²
Linux Mint 17.2 - KDE 4.14.2 - kernel 3.16.0-38-generic
Join me and become a Linux Mint Community Sponsor and share some love! (for as little as USD$20 a month)
Re:
I appreciate that no problem. I'm not suggesting for a minute they're interested in me, but some boring targets may indeed have potential for financial gain. I think it's foolish to second guess what hackers may and may not do but that's just me. I wasn't too worried hence I put "I'm planning on updating to Mint 17 end of May anyway". This was something I started to remedy, had a problem and thought, I may as well try to fix it.

Lingula wrote:
> It's a relatively low risk security hole for the average user of a desktop-oriented OS.
> Hackers are unlikely to take the time to retrieve tiny chunks of data repeatedly from a boring target with no potential for financial gain.

Besides, every important site I use came up good in this filippo.io/Heartbleed/ except hotmail.com (which wasn't affected anyway (I found out later)) so I relaxed.
@eanfrid thanks for the links, very good. I of course also used the search but ended up here. [ I think the title "OpenSSL patch for heartbleed" threw me ]
This particular link from the other thread was very helpful http://mashable.com/2014/04/09/heartble ... affected/
Many thanks to all
Re: OpenSSL patch for heartbleed
Also, I have to admit ignorance: I misunderstood the meaning of "long term release".
I thought LM14, LM 15 and LM16 were maintained until along with LM13 and they all ended when support for LM13 finished. I didn't realise they only had 9 months after each release. My bad.
I suspect other users may not be aware of this and that their packages are very out of date (even though they're technically up to date for that release).
Code:
sudo openssl version -a
If "built on" is on or after April 7 2014, you’re in the clear."
From:
http://www.digitaltrends.com/computing/ ... nssl-flaw/
Re: OpenSSL patch for heartbleed
FWIW...
(On Mint 15/386)
I performed:
wget http://packages.linuxmint.com/pool/upst ... 2_i386.deb
and
sudo dpkg -i openssl_1.0.1g-2_i386.deb
to effect the update.
Re: OpenSSL patch for heartbleed
FYI: I've used dist-upgrade on ubuntu/mint for years and have NEVER broken anything.

killer de bug wrote:
> I know exactly how dist-upgrade and upgrade work, thank you.
> py-thon wrote:
> > This has nothing to do with being based on Ubuntu or Debian directly.
> I repeat:
> - Rolling distro: dist-upgrade or you will break everything sooner or later (LMDE case)
> - Frozen snapshot, no big upgrade in soft, only security fix and minor revision, so upgrade.
Re: OpenSSL patch for heartbleed
This version is no longer supported and thus might (I haven't checked) have other security issues apart from heartbleed.

chuckatpdo wrote:
> (On Mint 15/386)