[Ninux-Wireless] OpenWrt e AirOs - OpenSSL: update to 1.0.1g - heartbleed bug
Saverio Proto
zioproto a gmail.com
Ven 11 Apr 2014 09:02:19 CEST
Ciao,
inoltro da OpenWrt Devel.
OpenWrt ha gia rilasciato il nuovo ipkg di OpenSSL.
Alla grande il sui miei apparato Scooreggione sono entrato ed ho dato i comandi
opkg update
opkg install openssl
ed ho aggiornato openssl senza dover riflashare.
Io non ho piu apparati miei con AirOS. Chi ha accesso ad apparati
AirOS con Sburratone, puo fare ldd per controllare il web server
lighttpd che versione di OpenSSL usa ?
Stanno uscendo i tools per sfruttare il bug. Questo รจ un bug serio.
Saverio
---------- Forwarded message ----------
From: John Crispin <john a phrozen.org>
Date: 2014-04-10 22:45 GMT+02:00
Subject: [OpenWrt-Devel] OpenSSL: update to 1.0.1g - heartbleed bug
To: OpenWrt Development List <openwrt-devel a lists.openwrt.org>
Heartbleed - libopenssl AA binary feed update
we updated the AA release. the files libopenssl_1.0.1e-1_*.ipk have
been replaced with libopenssl_1.0.1g-1_*.ipk and the Packages index
was updated. If you use openssl on your unit you need to run :
# opkg update
# opkg upgrade libopenssl
In order to ensure that all affected services are using the updated
OpenSSL library it is recommended to reboot the device after applying
the upgrade.
To find out more about the bug go to - http://heartbleed.com/
Note that default OpenWrt installations are not vulnerable to the
particular bug, neither the builtin SSH server nor the optional LuCI
SSL support rely on OpenSSL for cryptography.
The OpenSSL library is not installed within the stock images available
on the download server.
This is not a lightweight bug. Please take it serious and check your unit.
OpenWrt Developers
_______________________________________________
openwrt-devel mailing list
openwrt-devel a lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Maggiori informazioni sulla lista
Wireless