Attention when updating Debian stable (Jessie) or Ubuntu 14.04 LTS (Trusty)

Christian Beer
Joined: 9 Feb 05
Posts: 595
Credit: 115,301,129
RAC: 83,122

Did you restart after the update? It may be necessary for BOINC to update the curl/openssl link.

Thunder
Joined: 18 Jan 05
Posts: 138
Credit: 46,754,541
RAC: 0

Quote:
Did you restart after the update? It may be necessary for BOINC to update the curl/openssl link.

That did it. Pardon my ignorance, but I couldn't easily figure out how to restart the boinc client, so I just rebooted the system. As soon as I tried a project update it grabbed a couple new tasks.

SuperSluether
Joined: 1 Sep 14
Posts: 4
Credit: 54,809,605
RAC: 0

Are there any possible security risks with holding back this package? Will the package eventually be updated to fix the problem on Debian and Raspbian?

Christian Beer
Joined: 9 Feb 05
Posts: 595
Credit: 115,301,129
RAC: 83,122

The maintainer of the package is working on an update, but there is a systematic problem, as it was never anticipated to include a removed certificate again. A security risk is that you have several 1024-bit certificates on your computer that use a weak signature. As far as I know there are no attacks going on right now that are aimed at websites using 1024-bit certificates. As soon as that is the case we will re-evaluate our advice.

Christian Beer
Joined: 9 Feb 05
Posts: 595
Credit: 115,301,129
RAC: 83,122

A new openssl version (that has a fix for this problem) is already accepted into stable proposed updates. It shouldn't be long until this is available in the normal stable repository.

hartacus
Joined: 2 May 14
Posts: 9
Credit: 4,990,556
RAC: 0

Thanks for the update!

Christian Beer
Joined: 9 Feb 05
Posts: 595
Credit: 115,301,129
RAC: 83,122

I was informed that with the update to Debian Jessie 8.5 on June 4th a new OpenSSL version was introduced that fixes the problem with certificate validation. You can now unhold the ca-certificates package and update to 8.5 like this:

apt-get update
aptitude unhold ca-certificates
apt-get upgrade
