DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.

You are not logged in.

Announcement

#1 2014-04-11 19:42:10

futbol4me
Member
Registered: 2010-09-18
Posts: 11

Update openssh for heartbleed?

Does it make sense to update our machines to plug the openssh heartbleed bug?  Or is this something only web administrators have to worry about...

If so, can someone post "newbie" instructions on how to do this?

Thanks!

Offline

 

#2 2014-04-14 14:11:45

sala
Member / Site Admin
From: Estonia
Registered: 2006-07-28
Posts: 731
Website

Re: Update openssh for heartbleed?

Openssh is not using openssl heartbeat feature from faulty code so no patching is necessary.


DSM-G600 - NetBSD hdd-boot - 80GB Samsung SP0802N
NSA-220 - Gentoo armv5tel 20110121 hdd-boot - 2x 2TB WD WD20EADS

Offline

 

#3 2014-05-02 08:40:07

KyleK
Member
From: Dresden, Germany
Registered: 2007-12-05
Posts: 1178

Re: Update openssh for heartbleed?

I'd say if you run any webserver (like lighttpd) on your NAS and have enabled HTTPS access from outside your local network, then yes you should upgrade openssl to the patched version.

If you only access the NAS locally, via SSH, then it shouldn't be necessary.

Offline

 

#4 2014-05-03 14:19:35

Mijzelf
Member / Developer
Registered: 2008-07-05
Posts: 709

Re: Update openssh for heartbleed?

Only version 1.0.1 - 1.0.1f of OpenSSL are affected. FFP uses 1.0.0g and I guess the firmware version is even older, so that should be no problem.

Offline

 

Board footer

Powered by PunBB
© Copyright 2002–2010 PunBB