[mythtv-users] the heartbleed openssl bug and mythtv
HP-mini
blm-ubunet at slingshot.co.nz
Wed Apr 9 19:47:06 UTC 2014
On Wed, 2014-04-09 at 15:33 -0400, Ian Evans wrote:
> On Wed, Apr 9, 2014 at 3:12 PM, <yan at seiner.com> wrote:
> > Just a heads up that if you've made your mythbox accessible
> from the
> > outside via ssh or mythweb you may need to make sure your
> system isn't
> > affected by the recenlty discovered heartbleed security
> hole.
> >
> >
> http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it
> >
> > I'm currently running mythbuntu 12.04. Any tips to get
> patched? Should I
> > hope to 13.04 immediately?
>
>
> apt-get update && apt-get upgrade
>
> if you don't have automatic security updates enabled (which
> you should).
>
> Mine updated sometime between the 4th and today.
>
> If you want to dist-upgrade wait until 14.04 is out in a few
> more days.
> I did that earlier today and it's still OpenSSL 1.0.1 14 Mar 2012
> I do use TLS for some email alerts for the box.
>
This is the 3rd major security flaw in as many months. (iOS goto fail,
GnuTLS & openSSL)
All my 12.04LTS computers have received this openSSL update.
Do not hop to 13.04 , that is dead.
As mentioned by Yan, you need to enable security updates repositories.
Do this in synaptic package manager (settings/repositories: tab
"Updates").
More information about the mythtv-users
mailing list