Europe 2014

Here are some of the over 3000 photos I took on our trip to Paris, Bayeux, Giverny, Rome, Naples, Pompeii, Positano, Sant’Agnello, Sorrento, Capri, Anacapri and Benevento.

Don Bosco Class of 2014

Tee Tee’s Video Production for Graduation.

Mike and Tori at Glen Rock Jr. Prom

Week 22 2014

Don Bosco Senior Prom 2014

Pics from the picture party before the prom.

Weeks 19 & 20 2014

RSP 5-18-2014

Rumble in the Jungle Race

RSP 5-12-2014

RSP 5-11-2014

Week 18 2014

Wawayanda Spring Cleaning Race 5-4-2014

Sprain Ridge 5-3-2014

Week 17 2014

Chain-stretcher at Blue Mountain 4-27

Jungle Habitat 4-23

Week 16 2014

Graham Hills 4-19

RSP 4-18

RSP 4-17

Heartbleed and the Debian Way

With all the news about the Heartbleed vulnerability in the OpenSSL package lately I figured that I should make sure my servers were patched. In looking at the version I have installed it seemed I was indeed running one of the affected versions.

$ openssl version
OpenSSL 1.0.1 14 Mar 2012

I was concerned and confused because I was sure that I had made all the recent security updates which I did confirm with:

# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

So I needed to understand how I could be running all the latest updates but still have a version of a package that was in the range of known impacted versions. This led me to some “apt” tools I was not previously aware of.

# apt-get changelog openssl
openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium

* SECURITY UPDATE: side-channel attack on Montgomery ladder implementation
- debian/patches/CVE-2014-0076.patch: add and use constant time swap in
crypto/bn/bn.h, crypto/bn/bn_lib.c, crypto/ec/ec2_mult.c,
- CVE-2014-0076
* SECURITY UPDATE: memory disclosure in TLS heartbeat extension
- debian/patches/CVE-2014-0160.patch: use correct lengths in
ssl/d1_both.c, ssl/t1_lib.c.
- CVE-2014-0160

-- Marc Deslauriers Mon, 07 Apr 2014 15:45:14 -0400

You can see above in the output of “apt-get changelog openssl”, the comment in bold shows that OpenSSL on my system has indeed been patched. I always love it when I learn something new and useful about how the Debian system works.
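
The same check as a script, added here as an example that is not part of the original post: it reads a Debian changelog and prints the package revision whose entry mentions a given CVE, since the upstream version string does not change when a fix is backported. The function names, the sample changelog (first entry from the output above, second entry constructed) and reading the installed package's /usr/share/doc/PACKAGE/changelog.Debian.gz are assumptions of this example.

```shell
#!/bin/sh
# Added example: find which package revision's changelog entry mentions a CVE.

# cve_fixed_in CVE-ID   (Debian changelog text on stdin)
# Prints the version of each entry that mentions CVE-ID, once per entry.
# Exit status: 0 if some entry mentions it, 1 if none does.
cve_fixed_in() {
    awk -v cve="$1" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2
            gsub(/[()]/, "", ver)
            seen = 0
            next
        }
        # Match the id only when no further digit follows it.
        ver != "" && !seen && $0 ~ (cve "([^0-9]|$)") {
            print ver
            seen = 1
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# installed_changelog PKG: the changelog shipped with the installed package.
# Assumes the package installs changelog.Debian.gz under /usr/share/doc.
installed_changelog() {
    zcat "/usr/share/doc/$1/changelog.Debian.gz"
}

# Sample input: first entry from the post, second entry constructed.
sample_changelog() {
    cat <<'EOF'
openssl (1.0.1-4ubuntu5.12) precise-security; urgency=medium

  * SECURITY UPDATE: memory disclosure in TLS heartbeat extension
    - debian/patches/CVE-2014-0160.patch: use correct lengths in
      ssl/d1_both.c, ssl/t1_lib.c.
    - CVE-2014-0160

openssl (1.0.1-0example1) precise; urgency=low

  * Constructed older entry with no CVE reference.
EOF
}

sample_changelog | cve_fixed_in CVE-2014-0160
```

On a real system, `installed_changelog openssl | cve_fixed_in CVE-2014-0160` checks the package that is actually installed, whereas `apt-get changelog` shows the changelog of the version apt would install.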