-
URGENT: Please consider updating asap libSSL to version 1.0.1g, cf: CVE-2014-0160
Hello,
This week is going to be quite interesting...
Now that the word has been released it will be a world wide a race between
the Hackers and the Sys Admins trying to fix this nasty "Heart Bleed"
libSSL bug before too much "cloud data" get stolen & users get very upset.
Please consider updating asap libSSL to version 1.0.1g, cf: CVE-2014-0160
https://heartbleed.com/
http://filippo.io/Heartbleed/
http://blog.existentialize.com/diagn...bleed-bug.html
Cheers,
Gilles
-
Senior Member
registered user
![Quote](images/misc/quote_icon.png)
Originally Posted by
ruymbeke
Please consider updating asap libSSL to version 1.0.1g, cf: CVE-2014-0160
Gilles
Greetings, Gilles.
Thanks for the warning.
FYI, reloading Synaptic on Knoppix 7.2 gives only an upgrade to 1.0.1e2,
which your references say is still vulnerable.
How would inexpert users like myself bring in libSSL 1.0.1g?
Also, for information, if users like myself are only using the stock
Knoppix LiveUSB with no additional ports left open, might this precaution
be unnecessary?
Code:
Starting Nmap 6.00 ( http://nmap.org ) at 2014-04-09 10:57 UTC
Nmap scan report for 192.168.1.3
Host is up (0.00057s latency).
All 1000 scanned ports on 192.168.1.3 are closed
Nmap done: 1 IP address (1 host up) scanned in 0.11 second
Thanks & Best Regards.
-
Hi Utu,
As always there are more than one way to solve a problem.
To patch your setup with synaptic (as root) you need to:
1) Reload package information (under the edit menu)
2) Search for "libSSL" and select (left click) on "libssl1.0.0"
3) Choose "force version" (under the edit menu) and select "1.0.1g-2 (testing)"
4) Apply button after accept & confirm the changes ("Mark", "Ok" & "Forward" buttons)
5) Check the libSSL "g" version: using: "openssl version"
OpenSSL 1.0.1c 10 May 2012 (Library: OpenSSL 1.0.1g 7 Apr 2014)
Hope this helps,
Best Regards,
Gilles
PS: This vulnerability is really an serious issue for the servers using SSL
(as the web server Apache) and which are connected to the public Internet.
-
Senior Member
registered user
![Quote](images/misc/quote_icon.png)
Originally Posted by
ruymbeke
3) Choose "force version" (under the edit menu) and select "1.0.1g-2 (testing)"
Thanks, Gilles. This worked like a charm.
Code:
knoppix@Microknoppix:~$ openssl version
OpenSSL 1.0.1e 11 Feb 2013 (Library: OpenSSL 1.0.1g 7 Apr 2014)
I got this probably since I upgrated to g1 first, then g2.
Last edited by utu; 04-09-2014 at 08:11 PM.
-
This vulnerability is really an serious issue for the
servers using SSL
(as the web server Apache) and which are
connected to the public Internet.
I hope nobody will do this with Knoppix. If you want to offer services like for example Apache, Exim and so on you cannot use a LiveCD like Knoppix for this.
Last edited by Werner P. Schulz; 04-09-2014 at 09:43 PM.
-
Senior Member
registered user
.
In using Knoppix to make internet contact with sites such as
Amazon or Yahoo, I may transmit private information, expecting
the communication is secure using the https protocol to
communicate.
Does my OS's implementation of SSL make any difference
in the security of this communication or is it only the
SSL implementation of the https site that is important?
-
If you communicate with Amazon or Yahoo you are on the client side, not the server.
But you should change your password as soon as possible and never use the same password for different connections, email and so on.
-
Senior Member
registered user
.
For those who don't follow the mailing list, here's KK's clarification on this topic:
https://lists.debian.org/debian-knop.../msg00004.html
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
![Dell SNPTP9W1C/16G 16 GB 2666MHz (PC4-2666) Memory Ram picture](/store/img/g/JKYAAOSwpONmaNJP/s-l225/Dell-SNPTP9W1C-16G-16-GB-2666MHz-PC4-2666-Memory-R.jpg)
Dell SNPTP9W1C/16G 16 GB 2666MHz (PC4-2666) Memory Ram
$34.95
![Micron 8GB DDR4 1Rx16 PC4-3200AA Laptop RAM Memory MTA4ATF1G64HZ-3G2E2 picture](/store/img/g/PxMAAOSw~T1mYfdq/s-l225/Micron-8GB-DDR4-1Rx16-PC4-3200AA-Laptop-RAM-Memory.jpg)
Micron 8GB DDR4 1Rx16 PC4-3200AA Laptop RAM Memory MTA4ATF1G64HZ-3G2E2
$10.00
![A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G picture](/store/img/g/RCAAAOSweqdeWaui/s-l225/A-Tech-8GB-DDR3-1600-PC3-12800-Laptop-SODIMM-204-P.jpg)
A-Tech 8GB DDR3 1600 PC3-12800 Laptop SODIMM 204-Pin Memory RAM PC3L DDR3L 1x 8G
$13.99
![Patriot Viper Steel RGB DDR4 RAM 16GB (2X8GB) 3200Mhz CL18 UDIMM Desktop Gaming picture](/store/img/g/QD0AAOSwEO5mfEv0/s-l225/Patriot-Viper-Steel-RGB-DDR4-RAM-16GB-2X8GB-3200Mh.jpg)
Patriot Viper Steel RGB DDR4 RAM 16GB (2X8GB) 3200Mhz CL18 UDIMM Desktop Gaming
$58.84
![Lot Samsung 360GB (45x8GB) PC3-10600 DDR3-1333MHz ECC Reg Server Memory Ram picture](/store/img/g/J74AAOSwbUNmfEo0/s-l225/Lot-Samsung-360GB-45x8GB-PC3-10600-DDR3-1333MHz-EC.jpg)
Lot Samsung 360GB (45x8GB) PC3-10600 DDR3-1333MHz ECC Reg Server Memory Ram
$64.95
![NEW OLOy 16GB 2x8GB KIT DDR4-3000 PC4-24000 Desktop Gaming RAM MD4U0830160BB1ST picture](/store/img/g/k~8AAOSwIBdmZRfq/s-l225/NEW-OLOy-16GB-2x8GB-KIT-DDR4-3000-PC4-24000-Deskto.jpg)
NEW OLOy 16GB 2x8GB KIT DDR4-3000 PC4-24000 Desktop Gaming RAM MD4U0830160BB1ST
$19.99
![Crucial DDR3L 16GB 1600 2x 8GB PC3-12800 Laptop SODIMM Memory RAM PC3 16G DDR3 picture](/store/img/g/mecAAOSw2Vlkv6Ot/s-l225/Crucial-DDR3L-16GB-1600-2x-8GB-PC3-12800-Laptop-SO.jpg)
Crucial DDR3L 16GB 1600 2x 8GB PC3-12800 Laptop SODIMM Memory RAM PC3 16G DDR3
$22.45
![Team T-FORCE VULCAN Z 32GB (2 x 16GB) PC RAM DDR4 3200 (PC4 25600) Memory picture](/store/img/g/~u4AAOSwK-liKn7t/s-l225/Team-T-FORCE-VULCAN-Z-32GB-2-x-16GB-PC-RAM-DDR4-32.jpg)
Team T-FORCE VULCAN Z 32GB (2 x 16GB) PC RAM DDR4 3200 (PC4 25600) Memory
$54.99
![HyperX FURY DDR4 8GB 16GB 32GB 3200MHz PC4-25600 Desktop RAM Memory DIMM 288pins picture](/store/img/g/OQ4AAOSwK99kxOty/s-l225/HyperX-FURY-DDR4-8GB-16GB-32GB-3200MHz-PC4-25600-D.jpg)
HyperX FURY DDR4 8GB 16GB 32GB 3200MHz PC4-25600 Desktop RAM Memory DIMM 288pins
$71.93
![HyperX FURY DDR4 16GB 3200 MHz PC4-25600 Desktop RAM Memory DIMM 288pin 2x 16GB picture](/store/img/g/hWAAAOSwikdkv6jx/s-l225/HyperX-FURY-DDR4-16GB-3200-MHz-PC4-25600-Desktop-R.jpg)
HyperX FURY DDR4 16GB 3200 MHz PC4-25600 Desktop RAM Memory DIMM 288pin 2x 16GB
$128.20