Siduction Forum
Siduction Forum => Upgrade Warnings => Topic started by: musca on 2014/04/08, 01:45:01
-
Hello,
see this security annoucement https://lists.debian.org/debian-security-announce/2014/msg00071.html (https://lists.debian.org/debian-security-announce/2014/msg00071.html)
please update to openssl 1.0.1g-1 as soon as possible.
At the moment the security update is still in incoming.
Please use this command for amd64 systems:
cd /var/cache/apt/archives/
wget -Nc http://incoming.debian.org/openssl_1.0.1g-1_amd64.deb
dpkg -i openssl_1.0.1g-1_amd64.deb
in about 4 hours you can use apt-get update && apt-get install openssl libssl1.0.0
greetings
musca
-
Thank You, musca.
-
openssl 1.0.1g-1 now in the regular sid repository (germany), so no need to wget it.
-
Any one whom has a cert or generated Keys with a vulnerable version of OpenSSL is recommended to generate a new keys
-
The package libssl1.0.0 is more important than openssl itself, as theyare the runtime libraries for apache-ssl, telnet-ssl, openssh and others.
greetz
devil
-
I'm a bit worried about 1.0.2~beta1-1 in experimental as I read somewhere that that version is vulnerable too? I don't have it installed but I hope it won't find its way into Sid...
-
When it comes to security, Debian can be fully trusted. A lot of things in experimental never make it anywhere.
greetz
devil
-
I'm a bit worried about 1.0.2~beta1-1 in experimental as I read somewhere that that version is vulnerable too? I don't have it installed but I hope it won't find its way into Sid...
The ONLY way such an experimental package makes it into Sid is if it passes muster and that no showstopper bugs are present in such package. People can test such a package but certainly NOT on a production system!