[mythtv-users] the heartbleed openssl bug and mythtv

Wed Apr 9 21:21:00 UTC 2014

On 4/9/14, 3:47 PM, HP-mini wrote:
> On Wed, 2014-04-09 at 15:33 -0400, Ian Evans wrote:
>> On Wed, Apr 9, 2014 at 3:12 PM, <yan at seiner.com> wrote:
>>         > Just a heads up that if you've made your mythbox accessible
>>         from the
>>         > outside via ssh or mythweb you may need to make sure your
>>         system isn't
>>         > affected by the recenlty discovered heartbleed security
>>         hole.
>>         >
>>         >
>>         http://serverfault.com/questions/587329/heartbleed-what-is-it-and-what-are-options-to-mitigate-it
>>         >
>>         > I'm currently running mythbuntu 12.04. Any tips to get
>>         patched? Should I
>>         > hope to 13.04 immediately?
>>         
>>         
>>         apt-get update && apt-get upgrade
>>         
>>         if you don't have automatic security updates enabled (which
>>         you should).
>>         
>>         Mine updated sometime between the 4th and today.
>>         
>>         If you want to dist-upgrade wait until 14.04 is out in a few
>>         more days.
>> I did that earlier today and it's still OpenSSL 1.0.1 14 Mar 2012
>> I do use TLS for some email alerts for the box.
>>
> This is the 3rd major security flaw in as many months. (iOS goto fail,
> GnuTLS & openSSL)
>
> All my 12.04LTS computers have received this openSSL update.
> Do not hop to 13.04 , that is dead.
>
> As mentioned by Yan, you need to enable security updates repositories.
> Do this in synaptic package manager (settings/repositories: tab
> "Updates").
>
>
>
> _______________________________________________
>
Both my 12.04 and 14.04 machines updated to the fixed openssl yesterday.
Didn't get much in the lines of updates for the 12.04 machines, but the
14.04 had its usual slew of updates and I had noticed the openssl being
in one of the lists yesterday and manually verified this morning.