<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Further on heartbleed and osgeolive:<br>
<br>
<div class="moz-cite-prefix">On 14/04/14 10:49 PM, Markus Neteler
wrote:<br>
</div>
<blockquote
cite="mid:CALFmHhtDOBoe=q3cykvZ8vXA7rQ_E27B+tyU4zp80fWWZGHceA@mail.gmail.com"
type="cite">
<blockquote type="cite" style="color: #000000;">
<pre wrap="">A restart of all services is recommended after the update is applied.
</pre>
</blockquote>
<pre wrap="">... it is a <b class="moz-txt-star"><span class="moz-txt-tag">*</span>must<span class="moz-txt-tag">*</span></b>. Otherwise the old libs are used from RAM.
I tested that.
</pre>
</blockquote>
<br>
Thanks Markus for the insight.<br>
<br>
<div class="moz-cite-prefix">On 14/04/14 10:26 PM, Cameron Shorter
wrote:<br>
</div>
<blockquote cite="mid:534BD3F4.1050306@gmail.com" type="cite">
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">The<span class="Apple-converted-space"> </span><a
moz-do-not-send="true" href="http://heartbleed.com/"
class="external text" rel="nofollow" style="text-decoration:
none; color: rgb(51, 102, 187); background-image:
url(http://wiki.osgeo.org/skins/monobook/external.png);
padding-right: 13px; background-position: 100% 50%;
background-repeat: no-repeat no-repeat;">Heartbleed Bug</a><span
class="Apple-converted-space"> </span>- described in<span
class="Apple-converted-space"> </span><a
moz-do-not-send="true"
href="http://www.ubuntu.com/usn/usn-2165-1/" class="external
text" rel="nofollow" style="text-decoration: none; color:
rgb(51, 102, 187); background-image:
url(http://wiki.osgeo.org/skins/monobook/external.png);
padding-right: 13px; background-position: 100% 50%;
background-repeat: no-repeat no-repeat;">this Ubuntu Security
Note</a><span class="Apple-converted-space"> </span>- is a
serious security exposure, and the relevant software components
shipped on the OSGeo-Live versions 6.0 to the present 7.9.</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">As described in many widely available posts on the
Internet, the Heartbleed vulnerability is exposed when network
software uses the Transport Layer Security (TLS) feature built
on top of a current version of the encryption library openssl.
The fix to the vulnerability is to upgrade the openssl package
via the Ubuntu/Debian apt mechanism.</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">No software on the OSGeo-Live is configured to serve
network connections using TLS "out of the box." However, some
software (such as QGIS) which provides WMS connectivity to other
network services may create a reverse-vulnerability when a
secure connection is established. By patching your OSGeo-Live
openssl library, you can close that reverse-exposure.</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">Please note that the OSGeo-Live project does not
recommend using OSGeo-Live "as-is" for production deployment on
the Internet.</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">All users of OSGeo Live from versions 6.0 to the present
7.9 release are strongly encouraged to apply software updates to
any installed system.</p>
<h2 style="color: rgb(0, 0, 0); background-image: none;
background-color: rgb(255, 255, 255); font-weight: normal;
margin: 0px 0px 0.6em; padding-top: 0.5em; padding-bottom:
0.17em; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(170, 170, 170); font-size: 19px;
font-family: sans-serif; font-style: normal; font-variant:
normal; letter-spacing: normal; line-height:
19.049999237060547px; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-position: initial initial; background-repeat: initial
initial;"><span class="mw-headline"
id="OSGeo-Live_releases_effected">OSGeo-Live releases affected</span></h2>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">OSGeo-Live releases based on Ubuntu 12.04 are affected.
This includes versions:</p>
<ul style="line-height: 19.049999237060547px; list-style-type:
square; margin: 0.3em 0px 0px 1.5em; padding: 0px;
list-style-image:
url(http://wiki.osgeo.org/skins/monobook/bullet.gif); color:
rgb(0, 0, 0); font-family: sans-serif; font-size: 13px;
font-style: normal; font-variant: normal; font-weight: normal;
letter-spacing: normal; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">
<li style="margin-bottom: 0.1em;">6.0</li>
<li style="margin-bottom: 0.1em;">6.5</li>
<li style="margin-bottom: 0.1em;">7.0</li>
<li style="margin-bottom: 0.1em;">7.9</li>
</ul>
<h2 style="color: rgb(0, 0, 0); background-image: none;
background-color: rgb(255, 255, 255); font-weight: normal;
margin: 0px 0px 0.6em; padding-top: 0.5em; padding-bottom:
0.17em; border-bottom-width: 1px; border-bottom-style: solid;
border-bottom-color: rgb(170, 170, 170); font-size: 19px;
font-family: sans-serif; font-style: normal; font-variant:
normal; letter-spacing: normal; line-height:
19.049999237060547px; orphans: auto; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-position: initial initial; background-repeat: initial
initial;"><span class="mw-headline" id="How_to_Fix">How to Fix</span></h2>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">The OSGeo-Live project recommends that all installed
versions of an affected OSGeo-Live release follow, at a minimum,
these steps:</p>
<pre style="padding: 1em; border: 1px dashed rgb(47, 111, 171); color: rgb(0, 0, 0); background-color: rgb(249, 249, 249); line-height: 1.1em; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">sudo apt-get update
sudo apt-get install libssl1.0.0
</pre>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">The default password is "user" (four characters).</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">Using the graphical update manager will also work: click
the 8-pointed star in the top toolbar. Make sure to check for
updates and apply any updates to libssl available.</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);">A<span class="Apple-converted-space"> </span><b>restart</b><span
class="Apple-converted-space"> </span>of all services is
recommended after the update is applied. You can either do them
by hand or reboot the whole system.<br>
</p>
<p style="margin: 0.4em 0px 0.5em; line-height:
19.049999237060547px; color: rgb(0, 0, 0); font-family:
sans-serif; font-size: 13px; font-style: normal; font-variant:
normal; font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; widows: auto; word-spacing: 0px;
-webkit-text-stroke-width: 0px; background-color: rgb(255, 255,
255);"><br>
Signed: The OSGeo-Live core development team.<br>
</p>
<pre class="moz-signature" cols="72">--
Cameron Shorter,
Software and Data Solutions Manager
LISAsoft
Suite 112, Jones Bay Wharf,
26 - 32 Pirrama Rd, Pyrmont NSW 2009
P +61 2 9009 5000, W <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.lisasoft.com">www.lisasoft.com</a>, F +61 2 9009 5099</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Cameron Shorter,
Software and Data Solutions Manager
LISAsoft
Suite 112, Jones Bay Wharf,
26 - 32 Pirrama Rd, Pyrmont NSW 2009
P +61 2 9009 5000, W <a class="moz-txt-link-abbreviated" href="http://www.lisasoft.com">www.lisasoft.com</a>, F +61 2 9009 5099</pre>
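<p>An added example, not part of the original messages or of the OSGeo-Live advisory: one way to check the point made above that services keep using the old library from RAM until they are restarted. The function names <code>stale_ssl_procs</code> and <code>make_sample_proc</code> are hypothetical, and the /proc-like sample tree is constructed so the script runs offline.</p>

```shell
#!/bin/sh
# Added example: list processes that still map the pre-upgrade OpenSSL
# libraries. After apt replaces libssl/libcrypto on disk, a running process
# keeps the old file mapped and /proc/PID/maps marks that path "(deleted)".

# Print "PID NAME" for every process under PROC_ROOT (default /proc) whose
# memory map references a replaced libssl or libcrypto.
stale_ssl_procs() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        # Unreadable maps are skipped; run as root to cover every process.
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            dir="${maps%/maps}"
            name=$(cat "$dir/comm" 2>/dev/null || echo '?')
            echo "${dir##*/} $name"
        fi
    done
}

# Build a constructed /proc-like tree (sample data, not from a real host):
# PID 812 still maps the old libraries, PID 1044 never loaded OpenSSL.
make_sample_proc() {
    root=$(mktemp -d)
    mkdir -p "$root/812" "$root/1044"
    echo apache2 > "$root/812/comm"
    echo bash > "$root/1044/comm"
    cat > "$root/812/maps" <<'EOF'
7f3a10000000-7f3a10056000 r-xp 00000000 08:01 393301 /lib/x86_64-linux-gnu/libssl.so.1.0.0 (deleted)
7f3a10400000-7f3a105b0000 r-xp 00000000 08:01 393299 /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
EOF
    cat > "$root/1044/maps" <<'EOF'
7f9b20000000-7f9b201b5000 r-xp 00000000 08:01 393240 /lib/x86_64-linux-gnu/libc-2.15.so
EOF
    echo "$root"
}

# Demonstration on the constructed tree. On a live system, call
# stale_ssl_procs with no argument (as root) after the libssl update.
sample=$(make_sample_proc)
stale_ssl_procs "$sample"
rm -rf "$sample"
```

<p>Any process the function lists still needs a restart; an empty result after restarting services (or rebooting) means no readable process maps the old library any more.</p>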
</body>
</html>