[mythtv-users] the heartbleed openssl bug and mythtv

Tom Bongiorno tbjr at bongohut.com
Wed Apr 9 19:48:40 UTC 2014 

On Wed, Apr 9, 2014 at 3:47 PM, HP-mini <blm-ubunet at slingshot.co.nz> wrote:

> On Wed, 2014-04-09 at 15:33 -0400, Ian Evans wrote:
> > On Wed, Apr 9, 2014 at 3:12 PM, <yan at seiner.com> wrote:
> >         > Just a heads up that if you've made your mythbox accessible
> >         from the
> >         > outside via ssh or mythweb you may need to make sure your
> >         system isn't
> >         > affected by the recenlty discovered heartbleed security
> >         hole.
> >         >
> >         >
> >
> http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it
> >         >
> >         > I'm currently running mythbuntu 12.04. Any tips to get
> >         patched? Should I
> >         > hope to 13.04 immediately?
> >
> >
> >         apt-get update && apt-get upgrade
> >
> >         if you don't have automatic security updates enabled (which
> >         you should).
> >
> >         Mine updated sometime between the 4th and today.
> >
> >         If you want to dist-upgrade wait until 14.04 is out in a few
> >         more days.
> > I did that earlier today and it's still OpenSSL 1.0.1 14 Mar 2012
> > I do use TLS for some email alerts for the box.
> >
> This is the 3rd major security flaw in as many months. (iOS goto fail,
> GnuTLS & openSSL)
>
> All my 12.04LTS computers have received this openSSL update.
> Do not hop to 13.04 , that is dead.
>
> As mentioned by Yan, you need to enable security updates repositories.
> Do this in synaptic package manager (settings/repositories: tab
> "Updates").
>
>
>
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://www.mythtv.org/mailman/listinfo/mythtv-users
> http://wiki.mythtv.org/Mailing_List_etiquette
> MythTV Forums: https://forum.mythtv.org
>

I am not trying to be a troll at all, but I have a legitimate question.  If
I am running my backend as a MythTV only server, what should I be worried
about?  Someone can see/schedule/delete recordings if they decide to
target/sniff my IP and get login credentials?

-Tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mythtv.org/pipermail/mythtv-users/attachments/20140409/d4c4c091/attachment.html>

More information about the mythtv-users mailing list