Re: Why still heartbleed on Wheezy <SOLVED AGAIN>
On Sun, 20 Apr 2014 07:32:20 +0100
Dom <toyer@rpdom.net> wrote:
> On 20/04/14 06:39, Steve Litt wrote:
> > Hi all,
> >
> > I installed Wheezy on my backup server, then did this:
> >
> > apt-get update
> > apt-get upgrade
> >
> > root@bupserv:/backupserver/stevebup# openssl version
> > OpenSSL 1.0.1e 11 Feb 2013
> > root@bupserv:/backupserver/stevebup#
> >
> >
> > Here's my /etc/apt/sources.list:
> >
> > ======================================
> > #
> >
> > # deb cdrom:[Debian GNU/Linux 7.4.0 _Wheezy_ - Official amd64
> > NETINST Binary-1 20140208-13:45]/ wheezy main
> >
> > #deb cdrom:[Debian GNU/Linux 7.4.0 _Wheezy_ - Official amd64 NETINST
> > Binary-1 20140208-13:45]/ wheezy main
> >
> > deb http://ftp.us.debian.org/debian/ wheezy main non-free contrib
> > deb-src http://ftp.us.debian.org/debian/ wheezy main non-free
> > contrib
> >
> > deb http://security.debian.org/ wheezy/updates main contrib non-free
> > deb-src http://security.debian.org/ wheezy/updates main contrib
> > non-free
> >
> > deb http://security.debian.org/debian-security wheezy/updates main
> >
> > # wheezy-updates, previously known as 'volatile'
> > deb http://ftp.us.debian.org/debian/ wheezy-updates main contrib
> > non-free deb-src http://ftp.us.debian.org/debian/ wheezy-updates
> > main contrib non-free ======================================
> >
> > Any ideas how I should proceed?
> >
>
> By checking the revision of the release, rather than just the
> internal version number.
>
> dom@ozzy:~$ dpkg-query -W openssl
> openssl 1.0.1e-2+deb7u6
>
> The "deb7u6" is the important bit. The "heartbleed" bug only exists
> in deb7u4 and earlier.
>
Thanks Dom,
This was indeed the issue:
root@bupserv:/etc/apt# dpkg-query -W openssl
openssl 1.0.1e-2+deb7u7
root@bupserv:/etc/apt#
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
Reply to: