Heartbleed

I have Zorin (I think it is 8, uname output below) installed, and I just checked my version of OpenSSL and got the following:

nathan@rapier-Zorin:~$ openssl version
OpenSSL 1.0.1e 11 Feb 2013
nathan@rapier-Zorin:~$ sudo apt-get install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
openssl is already the newest version.

Now, this is really concerning as 1.0.1e is subject to the heartbleed security vulnerability (see heartbleed.com), and there is NO UPDATE available for Zorin? Now, since I'm not using my computer as any kind of server, it is probably not much of a concern, but still, you should provide security patches when they are for something this widespread!

nathan@rapier-Zorin:~$ uname -a
Linux rapier-Zorin 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:32 UTC 2014 i686 i686 i686 GNU/Linux

Hi, as I understand it, Heartbleed was aimed at servers intercepting data that is stored there - user names and passwords - the general advice is, change your passwords now on all your sites. An explanation of how it affects things is nicely given here:

http://vimeo.com/91425662

Advice here:

http://www.sheffieldforum.co.uk/showpos ... stcount=13

There can be an issue as outlined here - reverse heartbleed - but then someone would have to be silly enough to open an email when they know their financial institution never does that, or falls for social network sites - those I avoide like the plague!

https://vimeo.com/91730668

Best way forward here:

https://vimeo.com/91943418

Hi,

you should have this package installed “openssl” 1.0.1e-3ubuntu1.2 which is patched!:

https://launchpad.net/ubuntu/+source/op ... 3ubuntu1.2

You can check in Synaptic package manager what version you have with the full name, the one above is what I have!.

Just to add, tried that 'filippio' address in Firefox and it came back as unsafe - have left a comment about this!