[Ninux-Wireless] [ninux-roma] OpenWrt e AirOs - OpenSSL: update to 1.0.1g - heartbleed bug

Saverio Proto zioproto a gmail.com
Ven 11 Apr 2014 10:34:35 CEST 

io leggo openssh non openssl

occhio !

Saverio

2014-04-11 9:42 GMT+02:00 Edoardo Mazzaracchio <edoardo.mazzaracchio a gmail.com>:
> Ho appena fatto un "sudo apt-get update" e "sudo apt-get upgrade" su EdgeOS
> del mio EdgeMAX e ha aggiornato proprio OpenSSL:
>
> nazza a Nazza-Edge:~$ sudo apt-get upgrade
> Reading package lists... Done
> Building dependency tree... Done
> The following packages will be upgraded:
>   openssh-client openssh-server ssh
> 3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 1253 kB of archives.
> After this operation, 45.1 kB disk space will be freed.
> Do you want to continue [Y/n]? Y
>
> Per AirOS non ho ancora visto
>
>
> 2014-04-11 9:02 GMT+02:00 Saverio Proto <zioproto a gmail.com>:
>
>> Ciao,
>>
>> inoltro da OpenWrt Devel.
>>
>> OpenWrt ha gia rilasciato il nuovo ipkg di OpenSSL.
>>
>> Alla grande il sui miei apparato Scooreggione sono entrato ed ho dato i
>> comandi
>>
>> opkg update
>> opkg install openssl
>>
>> ed ho aggiornato openssl senza dover riflashare.
>>
>> Io non ho piu apparati miei con AirOS. Chi ha accesso ad apparati
>> AirOS con Sburratone, puo fare ldd per controllare il web server
>> lighttpd che versione di OpenSSL usa ?
>>
>> Stanno uscendo i tools per sfruttare il bug. Questo รจ un bug serio.
>>
>> Saverio
>>
>>
>>
>> ---------- Forwarded message ----------
>> From: John Crispin <john a phrozen.org>
>> Date: 2014-04-10 22:45 GMT+02:00
>> Subject: [OpenWrt-Devel] OpenSSL: update to 1.0.1g - heartbleed bug
>> To: OpenWrt Development List <openwrt-devel a lists.openwrt.org>
>>
>>
>> Heartbleed - libopenssl AA binary feed update
>>
>> we updated the AA release. the files libopenssl_1.0.1e-1_*.ipk have
>> been replaced with libopenssl_1.0.1g-1_*.ipk and the Packages index
>> was updated. If you use openssl on your unit you need to run :
>>
>> # opkg update
>> # opkg upgrade libopenssl
>>
>> In order to ensure that all affected services are using the updated
>> OpenSSL library it is recommended to reboot the device after applying
>> the upgrade.
>>
>> To find out more about the bug go to - http://heartbleed.com/
>>
>> Note that default OpenWrt installations are not vulnerable to the
>> particular bug, neither the builtin SSH server nor the optional LuCI
>> SSL support rely on OpenSSL for cryptography.
>>
>> The OpenSSL library is not installed within the stock images available
>> on the download server.
>>
>> This is not a lightweight bug. Please take it serious and check your unit.
>>
>>     OpenWrt Developers
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel a lists.openwrt.org
>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
>

Maggiori informazioni sulla lista Wireless