btaroli
Apr 08, 2014 (Prodigy)
ROS 6, OpenSSL, and package updates?
No sooner do I read this evening that Fedora and others are quickly working to get OpenSSL 1.0.1e out to fix the latest TLS bug than I log into my 516 to see what version it's running. Oh my, 1.0.1e....
fastfwd
Apr 08, 2014 (Virtuoso)
hma9 wrote: I have to guess Debian backported the fix to the above linked versions, so although their names contain "1.0.1e" the suffix "+deb7u5" seems to mark a version patched with the fix yesterday. The +deb7u6 released today presumably still contains the fix but I didn't see any clear statement about it. Thus alanwsg, btaroli and I were probably wrong in our last comments.
Yes, versions 1.0.1e-2+deb7u5 and 1.0.1e-2+deb7u6 contain the fix. From the changelog:

openssl (1.0.1e-2+deb7u6) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Enable checking for services that may need to be restarted
  * Update list of services to possibly restart

 -- Salvatore Bonaccorso <carnil@debian.org> Tue, 08 Apr 2014 10:44:53 +0200

openssl (1.0.1e-2+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add CVE-2014-0160.patch patch.
    CVE-2014-0160: Fix TLS/DTLS hearbeat information disclosure.
    A missing bounds check in the handling of the TLS heartbeat extension
    can be used to reveal up to 64k of memory to a connected client or
    server.

 -- Salvatore Bonaccorso <carnil@debian.org> Mon, 07 Apr 2014 22:26:55 +0200
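
The changelog check described in the post above, as an added example that is not part of the original thread: because a Debian changelog is cumulative and newest-first, the +deb7u6 package carries the +deb7u5 stanza in its history, so searching the shipped changelog for the CVE id answers whether a backported fix is present even though the upstream version still reads "1.0.1e". The function names and the abridged sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a Debian-format changelog on stdin.

# Print the version of every stanza whose body mentions the given CVE id.
cve_stanzas() {
    awk -v cve="$1" '
        # Stanza header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2; gsub(/[()]/, "", ver); seen = 0; next
        }
        # Report each stanza once, even if the id appears on several lines.
        ver != "" && !seen && index($0, cve) { print ver; seen = 1 }
    '
}

# Changelogs are cumulative and newest-first: the first header is the version
# of the package that shipped this file.
top_version() {
    awk '/^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
        v = $2; gsub(/[()]/, "", v); print v; exit }'
}

# Succeed if any stanza in the history mentions the CVE id.
has_fix() { [ -n "$(cve_stanzas "$1")" ]; }

# Sample input: the two stanzas quoted in the post above, abridged.
sample_changelog() {
    cat <<'EOF'
openssl (1.0.1e-2+deb7u6) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Enable checking for services that may need to be restarted
  * Update list of services to possibly restart

 -- Salvatore Bonaccorso <carnil@debian.org> Tue, 08 Apr 2014 10:44:53 +0200

openssl (1.0.1e-2+deb7u5) wheezy-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add CVE-2014-0160.patch patch.
    CVE-2014-0160: Fix TLS/DTLS hearbeat information disclosure.

 -- Salvatore Bonaccorso <carnil@debian.org> Mon, 07 Apr 2014 22:26:55 +0200
EOF
}

printf 'package version: %s\n' "$(sample_changelog | top_version)"
printf 'CVE-2014-0160 fixed in: %s\n' "$(sample_changelog | cve_stanzas CVE-2014-0160)"
# On an installed system (assumed standard Debian path):
#   zcat /usr/share/doc/openssl/changelog.Debian.gz | has_fix CVE-2014-0160 && echo patched
```

A match only shows the patched library is installed on disk; services that loaded the old library keep running it until they are restarted, which is what the +deb7u6 entry addresses.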