Is this because HostingRails has its own, already patched, version of the package pre-installed? Do I need to upgrade myself or is this already done for the Ubuntu image?
Simon
OpenSSL update for Ubuntu 7.10 VPS image necessary?
- Srp
- Posts: 8
- Starts: 2
- Wiki Edits: 0
I just re-installed my VPS with the Ubuntu 7.10 image. Ubuntu normally requires a security patch for OpenSSL immediately after installation (see Ubuntu Security Notice USN-612-1 for details) but both the client and server packages are held back so can't be updated using a normal apt-get upgrade.
Is this because HostingRails has its own, already patched, version of the package pre-installed? Do I need to upgrade myself or is this already done for the Ubuntu image?
Simon
Is this because HostingRails has its own, already patched, version of the package pre-installed? Do I need to upgrade myself or is this already done for the Ubuntu image?
Simon
- Varun
- Posts: 410
- Starts: 0
- Wiki Edits: 0
Hi there -
It looks like that you don't need to upgrade anything ion your VPS. I read the link below which says you need the libssl0.9.8 to correct his problem.
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html
I checked your maachine and could see the openssl binary using the ssl library version below.
# ldd /usr/bin/openssl
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
However, if you'd like to be on the safer side, you can follow the link below to correct this issue.
http://ubuntuforums.org/showthread.php?t=793517
It looks like that you don't need to upgrade anything ion your VPS. I read the link below which says you need the libssl0.9.8 to correct his problem.
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000705.html
I checked your maachine and could see the openssl binary using the ssl library version below.
# ldd /usr/bin/openssl
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8
However, if you'd like to be on the safer side, you can follow the link below to correct this issue.
http://ubuntuforums.org/showthread.php?t=793517
2008-07-18 09:59 AM
- Srp
- Posts: 8
- Starts: 2
- Wiki Edits: 0
Many thanks. libssl was OK but the OpenSSL client and server packages were out of date. I updated them anyway and updated the certificates as necessary. Don't seem to have broken anything in the process, so if it was a custom version for HostingRails the new version doesn't seem to be incompatible.
If/when I re-image the server again I'll check the SSL version before I apply any more updates so I know if this is a necessary step in future.
If/when I re-image the server again I'll check the SSL version before I apply any more updates so I know if this is a necessary step in future.