Heartbleed

Started by blueisaak, April 10, 2014, 04:53:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

blueisaak

April 10, 2014, 04:53:24 PM
Hi,

tried to pach debian on A20 for Heartbleed. But it seems the standard repositories haven't been updated jet.
After:
Code Select
sudo apt-get update
sudo apt-get install -y libssl1.0.0 openssl
openssl version still shows OpenSSL 1.0.1e

Has anyone any ides how to get a easy update

Thanks in advance
Isaak

hnb2907

#1
April 10, 2014, 05:11:55 PM
Hi,

Not sure if it helps...
I pointed http://filippo.io/Heartbleed/ at my https server (running on a installation based on the olimex/debian image) last night, and it said it was ok.

Cheers,
Chris.

blueisaak

#2
April 10, 2014, 09:14:42 PM
Well well,

shame on me; did the update but forgot to restart all services. Now after the good old "Have you tried to tun it off and on again?"(reboot) the test on http://filippo.io/Heartbleed results in a "All good".

Although all sites tell me if the Openssl version is 1.0.1e and from before 09.04.2014 it is bad...

But anyway thanks!
Cheers Isaaak

hnb2907

#3
April 10, 2014, 10:56:17 PM
If I read it correctly somewhere, the version in the repo's we're point to, has been patched with a fix?

C.

blueisaak

#4
April 11, 2014, 09:35:15 AM
Hi,

these are the repos listed in my /etc/apt/sources.list:
Code Select

deb http://ftp.debian.org/debian/ wheezy main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free

and it looks like they are not patched. This morning I ran the test again and it failed.

Still looking for a solution.

Cheers

hnb2907

#5
April 11, 2014, 09:38:40 PM
hmmm, I've retested my site, and now it also fails.  I noticed that http://filippo.io/Heartbleed/ has changed, so maybe the test is more vigorous now.


C.

PaceyIV

#6
April 12, 2014, 05:58:07 PM
Quote from: blueisaak on April 11, 2014, 09:35:15 AM
Still looking for a solution.

You should change your source.list with the lines below to enable security updates!

Code Select

deb http://ftp.debian.org/debian/ wheezy main contrib non-free
deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free

deb http://http.debian.net/debian wheezy-updates main contrib non-free
deb-src http://http.debian.net/debian wheezy-updates main contrib non-free

deb http://security.debian.org/debian-security wheezy/updates main contrib non-free
deb-src http://security.debian.org/ wheezy/updates main contrib non-free

hnb2907

#7
April 12, 2014, 09:54:49 PM
Thanks PaceyIV, all good now for me :)

I wouldn't have known which repo's to add!
Print
Go Up Pages1
User actions