GnuTLS bug on LMDE

Post your update and upgrade related errors here
Forum rules
Before you post please read this

GnuTLS bug on LMDE

Postby godlanier on Wed Mar 05, 2014 7:17 pm

Must of you should've heard about the last security issue discovered by an auditor in Red Hat that affects the SSL/TLS library and put in risk our online security, most main distros already released patches for the affected packages, including Debian.

I didn't find the patched version on LMDE, when I made an update & #aptitude show libgnutls26 the output was Version: 2.12.23-8 (an affected version)

Adding the official Debian repo for Jessie (through the mintUpdate GUI if you prefer) will let you upgrade this package to solve this important security issue:

Code: Select all
deb http://http.us.debian.org/debian/ testing main contrib
godlanier
Level 1
Level 1
 
Posts: 2
Joined: Wed Mar 05, 2014 6:37 pm

Linux Mint is funded by ads and donations.
 

Re: GnuTLS bug on LMDE

Postby Monsta on Thu Mar 06, 2014 3:19 am

First, the patch has been applied not only to gnutls26 but also to gnutls28.

Second, both packages still haven't migrated to Testing (due to some build issue related to kfreebsd-i386 architecture), so anyone wishing to get the fixes should add Unstable, not Testing.

And the usual warning: don't forget to remove these repos from the sources list after you're done with installing the needed packages.
Monsta
Level 8
Level 8
 
Posts: 2451
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Postby FranzZ on Thu Mar 06, 2014 4:47 am

It seems that only version 3.2.11-1 is available on unstable as of today (gnutls28 : https://packages.debian.org/sid/libgnutls28).

EDIT: fixed typo.
Last edited by FranzZ on Thu Mar 06, 2014 11:31 am, edited 1 time in total.
FranzZ
Level 1
Level 1
 
Posts: 1
Joined: Thu Mar 06, 2014 4:44 am

Re: GnuTLS bug on LMDE

Postby Monsta on Thu Mar 06, 2014 5:28 am

Stable? :shock:
Monsta
Level 8
Level 8
 
Posts: 2451
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Postby kurotsugi on Thu Mar 06, 2014 9:03 am

the security patch is on 3.2.11-2. if everything is good we'll get that tomorrow :3
kurotsugi
Level 5
Level 5
 
Posts: 891
Joined: Fri Jan 25, 2013 3:54 am

Re: GnuTLS bug on LMDE

Postby godlanier on Thu Mar 06, 2014 10:20 am

Monsta wrote:First, the patch has been applied not only to gnutls26 but also to gnutls28.

Second, both packages still haven't migrated to Testing (due to some build issue related to kfreebsd-i386 architecture), so anyone wishing to get the fixes should add Unstable, not Testing.

And the usual warning: don't forget to remove these repos from the sources list after you're done with installing the needed packages.


That's right, my bad, as for today the lastest patch for libgnutls26 (2.12.23-13) isn't in Testing yet, there's still the 2.12.23-12 version from the previous DSA, upgrade from Sid! (libgnutls26, libgnutls28, libgnutls-openssl27)
godlanier
Level 1
Level 1
 
Posts: 2
Joined: Wed Mar 05, 2014 6:37 pm

Re: GnuTLS bug on LMDE

Postby Monsta on Thu Mar 06, 2014 1:02 pm

Both packages migrated to Testing a few hours ago.

The most convenient way of upgrading all that's needed is to use:
Code: Select all
sudo aptitude install '?installed?source-package(gnutls26)'
This will upgrade all the packages that are built from the source package gnutls26.

The same goes for gnutls28:
Code: Select all
sudo aptitude install '?installed?source-package(gnutls28)'
Monsta
Level 8
Level 8
 
Posts: 2451
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Postby clem on Sat Mar 08, 2014 8:23 am

Hi,

Both packages were upgraded in LMDE today.
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5548
Joined: Wed Nov 15, 2006 8:34 am

Re: GnuTLS bug on LMDE

Postby killer de bug on Sat Mar 08, 2014 8:42 am

Thanks a lot clem. :wink:
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1804
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Linux Mint is funded by ads and donations.
 

Return to Update/Upgrade Issues

Who is online

Users browsing this forum: No registered users and 2 guests