NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

btaroli's avatar
btaroli
Prodigy
Apr 08, 2014

ROS 6, OpenSSL, and package updates?

No sooner do I read this evening that Fedora and others a re quickly working to get OpenSSL 1.0.1e out to fix the latest TLS bug that I log into my 516 to see what version it's running. Oh my, 1.0.1e....
Installation & Upgrade
btaroli's avatar
btaroli
Prodigy
Apr 09, 2014
alanwsg wrote:
-- did they REALLY update the package but not change the version number?


The remediation options (see notes at http://heartbleed.com/ ... Reading IS fun!) were to upgrade to 1.0.1g or rebuild on existing version with an option to disable the problematic TLS heartbeat function. This is the latter. It also makes it a bit confusing since you'll see new revisions of what appears to be the same OpenSSL package. I hesitate to call it a patch when it's just a new alternate build, but it's certainly fixed. ;)

But this is why you need to verify the build date, since just looking at the package version may not be enough.

If you're very paranoid there is a test tool at http://filippo.io/Heartbleed/

And if you are (wisely) planning to change passwords, don't do it until you (or any affected website) have applied a fixed build AND have applied new site keys -- since /private/ keys may have been leaked and there's no way to be sure they weren't.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More