NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
ROS 6, OpenSSL, and package updates?
No sooner do I read this evening that Fedora and others a re quickly working to get OpenSSL 1.0.1e out to fix the latest TLS bug that I log into my 516 to see what version it's running. Oh my, 1.0.1e....
Reading https://www.debian.org/security/2014/dsa-2896 and https://security-tracker.debian.org/tracker/CVE-2014-0160
I have to guess Debian backported the fix to the above linked versions, so although their names contain "1.0.1e" the suffix "+deb7u5" seems to mark a version patched with the fix yesterday. The +deb7u6 released today presumably still contains the fix but I didn't see any clear statement about it. Thus alanwsg, btaroli and I were probably wrong in our last comments.
The steps I now took to upgrade my ReadyNas RN102 were (as root):
Edit /etc/apt/sources.list to append "deb http://security.debian.org/debian-security wheezy/updates main" on a new line. (Since I have a plain install I had to use the vi editor, http://www.cs.fsu.edu/general/vimanual.html)
# apt-get update
# apt-get install openssl/wheezy
(An apt-get upgrade did not select openssl, presumably due to the pinning -- http://jaqque.sbih.org/kplug/apt-pinning.html)
# apt-get install libssl1.0.0/wheezy
(I did not install libssl-dev, libssl-doc or libcrypto++9 since they first two were not previously installed and the latter under a lower version number, maybe before the bug was introduced.)
I have to guess Debian backported the fix to the above linked versions, so although their names contain "1.0.1e" the suffix "+deb7u5" seems to mark a version patched with the fix yesterday. The +deb7u6 released today presumably still contains the fix but I didn't see any clear statement about it. Thus alanwsg, btaroli and I were probably wrong in our last comments.
The steps I now took to upgrade my ReadyNas RN102 were (as root):
Edit /etc/apt/sources.list to append "deb http://security.debian.org/debian-security wheezy/updates main" on a new line. (Since I have a plain install I had to use the vi editor, http://www.cs.fsu.edu/general/vimanual.html)
# apt-get update
# apt-get install openssl/wheezy
(An apt-get upgrade did not select openssl, presumably due to the pinning -- http://jaqque.sbih.org/kplug/apt-pinning.html)
# apt-get install libssl1.0.0/wheezy
(I did not install libssl-dev, libssl-doc or libcrypto++9 since they first two were not previously installed and the latter under a lower version number, maybe before the bug was introduced.)
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
