urgent: openssl 1.0.1g-1 security patch

musca · 2014/04/08, 01:45:01

Hello,

see this security annoucement https://lists.debian.org/debian-security-announce/2014/msg00071.html

please update to openssl 1.0.1g-1 as soon as possible.
At the moment the security update is still in incoming.

Please use this command for amd64 systems:

Code Select


cd /var/cache/apt/archives/
wget -Nc http://incoming.debian.org/openssl_1.0.1g-1_amd64.deb
dpkg -i openssl_1.0.1g-1_amd64.deb

in about 4 hours you can use

Code Select

apt-get update && apt-get install openssl libssl1.0.0

greetings
musca

GoinEasy9 · 2014/04/08, 05:31:17

Thank You, musca.

michaa7 · 2014/04/08, 13:36:15

openssl 1.0.1g-1 now in the regular sid repository (germany), so no need to wget it.

terroreek · 2014/04/08, 22:55:57

Any one whom has a cert or generated Keys with a vulnerable version of OpenSSL is recommended to generate a new keys

devil · 2014/04/08, 23:56:32

The package libssl1.0.0 is more important than openssl itself, as theyare the runtime libraries for apache-ssl, telnet-ssl, openssh and others.

greetz
devil

spacepenguin · 2014/04/15, 06:45:30

I'm a bit worried about 1.0.2~beta1-1 in experimental as I read somewhere that that version is vulnerable too? I don't have it installed but I hope it won't find its way into Sid...

devil · 2014/04/15, 07:38:15

When it comes to security, Debian can be fully trusted. A lot of things in experimental never make it anywhere.

greetz
devil

DeepDayze · 2014/04/18, 17:09:09

Quote from: spacepenguin on 2014/04/15, 06:45:30
I'm a bit worried about 1.0.2~beta1-1 in experimental as I read somewhere that that version is vulnerable too? I don't have it installed but I hope it won't find its way into Sid...

The ONLY way such an experimental package makes it into Sid is if it passes muster and that no showstopper bugs are present in such package. People can test such a package but certainly NOT on a production system!