
Thread: What should we users do immediately about the heartbleed heartbeet openssl saucy flaw

  1. #21
    Join Date
    Nov 2009
    Beans
    3,225

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    See Post #2, Post #11 and Post #15 - as the build date seems important - for when a patch was applied.

    Your build date is in the second line

    OpenSSL 1.0.1e 11 Feb 2013
    built on: Mon Apr 7 20:31:43 UTC 2014
    platform: debian-i386

  2. #22
    Join Date
    Feb 2014
    Beans
    6

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    Quote Originally Posted by 23dornot23d View Post
    See Post #2, Post #11 and Post #15 - as the build date seems important - for when a patch was applied.

    Your build date is in the second line
    Good advice but what has confused me is this from post #1

    Affected versions: OpenSSL versions from 1.0.1 to 1.0.1f.
    The vulnerability has been fixed in OpenSSL 1.0.1g.

  3. #23
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    All the affected versions are still running 1.0.1e, even on CentOS, so they probably just rebuild that version with the patch instead of upgrading to the newer version.

  4. #24
    Join Date
    Jan 2013
    Beans
    48
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    Quote Originally Posted by dad2 View Post
    Good advice but what has confused me is this from post #1

    Affected versions: OpenSSL versions from 1.0.1 to 1.0.1f.
    The vulnerability has been fixed in OpenSSL 1.0.1g.
    Again, dad2, read the earlier responses, particularly:

    Quote Originally Posted by 23dornot23d View Post
    See Post #2, Post #11 and Post #15 - as the build date seems important - for when a patch was applied.

    Your build date is in the second line
    This means that even though 1.0.1e contained the heartbleed vulnerability when it was first released, the package maintainers have since applied a code patch which closes the vulnerability, and uploaded the patched binaries to the repository. As long as your build date is after this happened (on April 7) you're safe.
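
The check discussed in posts #21 to #24, as an added example that is not part of any poster's message: it reads `openssl version -a` output and applies the thread's rule (affected upstream range 1.0.1 to 1.0.1f, patched rebuild from April 7, 2014). The helper name `classify_openssl` and the verdict strings are hypothetical.

```shell
#!/bin/sh
# Rule from this thread: upstream 1.0.1 through 1.0.1f is affected, but a
# distro rebuild dated on or after the patch day carries the backported fix.
PATCH_DAY=20140407   # 7 April 2014, the date given in the thread

# classify_openssl (hypothetical helper): reads `openssl version -a` text on
# stdin and prints one verdict string.
classify_openssl() {
    awk -v patch_day="$PATCH_DAY" '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= 12; i++) mon[m[i]] = i
        verdict = "unknown"; affected = 0
    }
    # Version line, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
    NR == 1 && $1 == "OpenSSL" {
        v = $2
        sub(/-.*/, "", v)            # drop suffixes such as "-fips"
        if (v ~ /^1\.0\.1[a-f]?$/) {
            affected = 1
            verdict = "affected-version-build-date-unknown"
        } else {
            verdict = "version-outside-affected-range"
        }
    }
    # Build line, e.g. "built on: Mon Apr 7 20:31:43 UTC 2014"
    /^built on:/ && affected {
        # $4 = month name, $5 = day of month, last field = year
        if (($4 in mon) && $5 ~ /^[0-9]+$/ && $NF ~ /^[0-9][0-9][0-9][0-9]$/) {
            day = $NF * 10000 + mon[$4] * 100 + $5
            if (day >= patch_day) verdict = "affected-version-rebuilt-on-or-after-patch-day"
            else verdict = "affected-version-built-before-patch-day"
        }
    }
    END { print verdict }
    '
}

# Output quoted in post #21 of this thread; on a live system use:
#   openssl version -a | classify_openssl
classify_openssl <<'EOF'
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:31:43 UTC 2014
platform: debian-i386
EOF
```

The build date is only a proxy for the backport; comparing the installed package version against the distribution's security notice is the firmer check.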

  5. #25
    Join Date
    Sep 2009
    Beans
    1

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    I suppose you could use this PPA: ppa:george-edison55/openssl-heartbleed-fix to update your openssl package.
    I really have no clue if this would help end users, I did this since I run a development server which uses some SSL certs.

    $ sudo apt-add-repository ppa:george-edison55/openssl-heartbleed-fix
    $ sudo apt-get update
    $ sudo apt-get upgrade

    Done..
    Hope this helps.

  6. #26
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,171
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    It's not necessary to use a PPA. The current repository version contains the patch.

    Security patches are often "backported" and applied to the current release version of a package without a major version change. That's what happened here.

  7. #27
    Join Date
    Jan 2007
    Location
    Rockport, MA
    Beans
    152
    Distro
    Ubuntu Gnome 14.04 Trusty Tahr

    Heartbleed Status: Upgrading to Heartbreak

    Hi,

    As someone using Ubuntu and concerned about security, I have of course tried to understand the true implications of Heartbleed. There's been a lot of hype and misinformation, so I was really pleased to come across a piece on Heartbleed that went a little deeper and explains what is really going on and suggests solutions:


    https://vivaldi.net/blogs/entry/hear...-to-heartbreak

  8. #28
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: What should we users do immediately about the heartbleed heartbeet openssl saucy

    Merged two similar threads.
