升级到安全 openssl 失败
方法:
/etc/apt/sources.list 中有:
deb http://security.debian.org/ wheezy/updates main contrib non-free
然后做:
apt-get update
apt-cache policy openssl
apt-get install openssl
apt-cache policy openssl will show you candidate updates
apt-get install openssl will upgrade to last openssl version
实际的:
# uname -a
Linux XXX 3.10-3-amd64 #1 SMP Debian 3.10.11-1 (2013-09-10) x86_64 GNU/Linux
# cat /etc/apt/sources.list | sed '/^#/d' | sed '/^$/d'
deb http://security.debian.org/ wheezy/updates main contrib non-free
# apt-cache policy openssl
openssl:
Installed: 1.0.1e-3
Candidate: 1.0.1e-3
Version table:
*** 1.0.1e-3 0
100 /var/lib/dpkg/status
1.0.1e-2+deb7u6 0
500 ... <cannot post more than 2 "links"> wheezy/updates/main amd64 Packages
500 ... <cannot post more than 2 "links"> wheezy/updates/main amd64 Packages
1.0.1e-2+deb7u4 0
500 ... <cannot post more than 2 "links"> wheezy/main amd64 Packages
500 ... <cannot post more than 2 "links"> wheezy/main amd64 Packages
# apt-get install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
openssl is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
是什么赋予了?
答案1
如果我没记错的话,Wheezy 有一个反向移植的 1.0.1e 版 OpenSSL。它仍然可以抵御 heartbleed 攻击。
运行openssl version -a应该给出类似如下的输出:
~# openssl version -a
OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Apr 7 20:32:27 UTC 2014
platform: debian-amd64
如果它是在过去几天内建成的,那就没问题。
答案2
我不知道您从哪里获得了 openssl 1.0.1e-3。但由于它的发布号高于存储库中实际可用的版本,因此它们不被视为升级候选版本。
通过明确选择版本来安装更新:
apt-get install openssl=1.0.1e-2+deb7u6