[Live-demo] OSGeo-Live and HeartBleed vulnerability
cameron.shorter at gmail.com
Mon Apr 14 05:26:28 PDT 2014
TheHeartbleed Bug <http://heartbleed.com/>- described inthis Ubuntu
Security Note <http://www.ubuntu.com/usn/usn-2165-1/>- is a serious
security exposure, and the relevant software components shipped on the
OSGeo-Live versions 6.0 to the present 7.9.
As described in many widely available posts on the Internet, the
HeartBleed vulnerability is exposed when network software uses the
Transport Layer Security (TLS) feature built on top of a current version
of the encryption library openssl. The fix to the vulnerability is to
upgrade the openssl package via the Ubuntu/Debian apt mechanism.
No software on the OSGeo-Live is configured to serve network connections
using TLS "out of the box." However, some software (such as QGis) which
provide WMS connectivity to other network services, may create a
reverse-vulnerability when a secure connection is established. By
patching your OSGeo-Live openssl library, you can close that
Please note that the OSGeo-Live project does not recommend using
OSGeo-Live "as-is" for production deployment on the Internet.
All users of OSGeo Live from versions 6.0 to the present 7.9 release are
strongly encouraged to apply software updates to any installed system.
OSGeo-Live releases effected
OSGeo-Live releases based on Ubuntu 12.04 are effected. This includes
How to Fix
The OSGeo-Live project recommends that all installed versions of an
affected OSGeo-Live release follow at a minimum, these steps:
sudo apt-get update
sudo apt-get install libssl1.0.0
The default password is "user" (four characters).
Using the graphical update manager will also work, click the 8 pointed
start in the top toolbar. Make sure to check for updates and apply any
updates to libssl available.
A*restart*of all services is recommended after the update is applied.
You can either do them by hand or reboot the whole system.
Signed: The OSGeo-Live core development team.
Software and Data Solutions Manager
Suite 112, Jones Bay Wharf,
26 - 32 Pirrama Rd, Pyrmont NSW 2009
P +61 2 9009 5000, Wwww.lisasoft.com, F +61 2 9009 5099
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Osgeolive