<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Apr 9, 2014 at 3:47 PM, HP-mini <span dir="ltr"><<a href="mailto:blm-ubunet@slingshot.co.nz" target="_blank">blm-ubunet@slingshot.co.nz</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5">On Wed, 2014-04-09 at 15:33 -0400, Ian Evans wrote:<br>
> On Wed, Apr 9, 2014 at 3:12 PM, <<a href="mailto:yan@seiner.com">yan@seiner.com</a>> wrote:<br>
> > Just a heads up that if you've made your mythbox accessible<br>
> from the<br>
> > outside via ssh or mythweb you may need to make sure your<br>
> system isn't<br>
> > affected by the recently discovered heartbleed security<br>
> hole.<br>
> ><br>
> ><br>
> <a href="http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it" target="_blank">http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it</a><br>
> ><br>
> > I'm currently running mythbuntu 12.04. Any tips to get<br>
> patched? Should I<br>
> > hop to 13.04 immediately?<br>
><br>
><br>
> apt-get update && apt-get upgrade<br>
><br>
> if you don't have automatic security updates enabled (which<br>
> you should).<br>
><br>
> Mine updated sometime between the 4th and today.<br>
><br>
> If you want to dist-upgrade wait until 14.04 is out in a few<br>
> more days.<br>
> I did that earlier today and it's still OpenSSL 1.0.1 14 Mar 2012<br>
> I do use TLS for some email alerts for the box.<br>
><br>
</div></div>This is the 3rd major security flaw in as many months. (iOS goto fail,<br>
GnuTLS & openSSL)<br>
<br>
All my 12.04LTS computers have received this openSSL update.<br>
Do not hop to 13.04, that is dead.<br>
<br>
As mentioned by Yan, you need to enable security updates repositories.<br>
Do this in synaptic package manager (settings/repositories: tab<br>
"Updates").<br>
<div class=""><div class="h5"><br>
<br>
<br>
</div></div></blockquote></div><br></div><div class="gmail_extra"><div class="gmail_extra">I am not trying to be a troll at all, but I have a legitimate question. If I am running my backend as a MythTV only server, what should I be worried about? Someone can see/schedule/delete recordings if they decide to target/sniff my IP and get login credentials?</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">-Tom</div></div></div>