heartbleed update ?

arginine · April 15, 2014, 11:31pm

Hello,
is it safe (i.e. volumio will still works) to make the apt-get update and apt-get upgrade in order to fix the heart bleed (http://heartbleed.com) issue in openssl ?

penSSL 1.0.1e 11 Feb 2013 built on: Sun Mar 24 12:44:00 UTC 2013 platform: debian-armhf options: bn(64,32) rc4(ptr,char) des(idx,cisc,16,long) blowfish(ptr) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM OPENSSLDIR: "/usr/lib/ssl"

F

volumio · April 17, 2014, 10:12am

You’re gonna break something for sure. Better to install just openssl. Anyway this is not used in Volumio, so you’re not vulnerable to anything, dont’ worry