Attention when updating Debian stable (Jessie) or Ubuntu 14.04 LTS (Trusty)
Language
Copyright © 2024 Einstein@Home. All rights reserved.
Copyright © 2024 Einstein@Home. All rights reserved.
Did you restart after the
)
Did you restart after the update? It may be necessary for BOINC to update the curl/openssl link.
RE: Did you restart after
)
That did it. Pardon my ignorance, but I couldn't easily figure out how to restart the boinc client, so I just rebooted the system. As soon as I tried a project update it grabbed a couple new tasks.
Are there any possible
)
Are there any possible security risks with holding back this package? Will the package eventually be updated to fix the problem on Debian and Raspbian?
The Maintainer of the package
)
The Maintainer of the package is working on an update but it there is a systematic problem as it was never anticipated to include a removed certificate again. A security risk is that you have several 1024bit certificates on your computer that use a weak signature. As far as I know there are no attacks going on right now that are aimed at websites using 1024bit certificates. As soon as that is the case we will re-evaluate our advise.
A new openssl version (that
)
A new openssl version (that has a fix for this problem) is already accepted into stable proposed updates. It shouldn't be long until this is available in the normal stable repository.
Thanks for the update!
)
Thanks for the update!
I was informed that with the
)
I was informed that with the update to Debian Jessie 8.5 on June 4th a new OpenSSL version was introduced that fixes the problem with certificate validation. You can now unhold the ca-certificates package and update to 8.5 like this: