Hello. As it was announced today (8-th of April) there is a bug in openSSL library, which used by current Linux distributives, including Debian Wheezy (which is used in Mycloud). Hacker could password and compromise device running openSSL. So, any Mycloud devices is in danger now. I’ve tested my NAS using online check tool, and it say I’m in danger. So, whan the patch will came out? (so far I disabled internet access to my MyCloud)
I did as you and pointed the test to my external IP and port numbers (443 and 8443). I got the “Uh-oh, something went wrong:” message. I hope I am doing the test correctly.
I haven’t checked ALL distros, but the four I run (as of last night) still had not updated the distros.
But when I checked this morning, Ubuntu now has 1.0.1e-3ubuntu1.2 – which is patched.
Blah31 wrote:
However, apt.get upgrade in MyCloud bricks the box due to the well known mess WD left there!!
Well, that’s pretty strange approach to upgrading a single package…
The correct way to do the upgrade:
CloudNAS:~# apt-get --only-upgrade install openssl
Reading package lists... Done
Building dependency tree
Reading state information... Done
openssl is already the newest version.
That shows that openssl is still the latest version available – the distro for arch armv71 still does not have a patched openssl package.
I just manually installed the openssl_1.0.1e-2+deb7u6_armhf.deb package on my Cloud…
All good. :)
TonyPh12345, I tested 6 times and for some reason I also had to install libssl1.0.0_1.0.1e-2+deb7u6_armhf.deb before the test came back All good, IP ADDRESS:9444 seems fixed or unaffected!
This was done 6 times just installing openssl_1.0.1e-2+deb7u6_armhf.deb and testing and then going back to factory firmware
When I posted this morning, I had 10 successive “It’s Good” results.
When I looked again after lunch, it was like the check webpage was manic… One in six tests would say “Vulnerable.” So I dug into it and saw the other dependency.