Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic:  urgent: openssl 1.0.1g-1 security patch  (Read 3894 times)

Offline musca

  • User
  • Posts: 725
  • sid, fly high!
urgent: openssl 1.0.1g-1 security patch
« on: 2014/04/08, 01:45:01 »
Hello,

see this security annoucement https://lists.debian.org/debian-security-announce/2014/msg00071.html

please update to openssl 1.0.1g-1 as soon as possible.
At the moment the security update is still in incoming.

Please use this command for amd64 systems:
Code: [Select]
cd /var/cache/apt/archives/
wget -Nc http://incoming.debian.org/openssl_1.0.1g-1_amd64.deb
dpkg -i openssl_1.0.1g-1_amd64.deb

in about 4 hours you can use
Code: [Select]
apt-get update && apt-get install openssl libssl1.0.0
greetings
musca
« Last Edit: 2014/04/08, 23:52:38 by devil »
β€žEs irrt der Mensch, solang er strebt.β€œ  (Goethe, Faust)

Offline GoinEasy9

  • User
  • Posts: 560
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #1 on: 2014/04/08, 05:31:17 »
Thank You, musca.
Linux Counter number 348347

Offline michaa7

  • User
  • Posts: 2.295
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #2 on: 2014/04/08, 13:36:15 »
 openssl 1.0.1g-1 now in the regular sid repository (germany), so no need to wget it.
« Last Edit: 2014/04/08, 13:59:30 by michaa7 »
Ok, you can't code, but you still might be able to write a bug report for Debian's sake

Offline terroreek

  • User
  • Posts: 202
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #3 on: 2014/04/08, 22:55:57 »
Any one whom has a cert or generated Keys with a vulnerable version of OpenSSL is recommended to generate a new keys

Offline devil

  • Administrator
  • User
  • *****
  • Posts: 4.838
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #4 on: 2014/04/08, 23:56:32 »
The package libssl1.0.0 is more important than openssl itself, as theyare the runtime libraries for apache-ssl, telnet-ssl, openssh and others.


greetz
devil

Offline spacepenguin

  • User
  • Posts: 862
    • spacepenguin.de
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #5 on: 2014/04/15, 06:45:30 »
I'm a bit worried about 1.0.2~beta1-1 in experimental as I read somewhere that that version is vulnerable too? I don't have it installed but I hope it won't find its way into Sid...
Susan | Hardware: SysProfile
Music-Profile: http://www.last.fm/de/user/spacepengu

Offline devil

  • Administrator
  • User
  • *****
  • Posts: 4.838
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #6 on: 2014/04/15, 07:38:15 »
When it comes to security, Debian can be fully trusted. A lot of things in experimental never make it anywhere.


greetz
devil

Offline DeepDayze

  • User
  • Posts: 457
Re: urgent: openssl 1.0.1g-1 security patch
« Reply #7 on: 2014/04/18, 17:09:09 »
I'm a bit worried about 1.0.2~beta1-1 in experimental as I read somewhere that that version is vulnerable too? I don't have it installed but I hope it won't find its way into Sid...

The ONLY way such an experimental package makes it into Sid is if it passes muster and that no showstopper bugs are present in such package. People can test such a package but certainly NOT on a production system!