GnuTLS bug on LMDE

Archived topics about LMDE 1 and LMDE 2
Locked
godlanier

GnuTLS bug on LMDE

Post by godlanier »

Must of you should've heard about the last security issue discovered by an auditor in Red Hat that affects the SSL/TLS library and put in risk our online security, most main distros already released patches for the affected packages, including Debian.

I didn't find the patched version on LMDE, when I made an update & #aptitude show libgnutls26 the output was Version: 2.12.23-8 (an affected version)

Adding the official Debian repo for Jessie (through the mintUpdate GUI if you prefer) will let you upgrade this package to solve this important security issue:

Code: Select all

deb http://http.us.debian.org/debian/ testing main contrib
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Monsta
Level 10
Level 10
Posts: 3071
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Post by Monsta »

First, the patch has been applied not only to gnutls26 but also to gnutls28.

Second, both packages still haven't migrated to Testing (due to some build issue related to kfreebsd-i386 architecture), so anyone wishing to get the fixes should add Unstable, not Testing.

And the usual warning: don't forget to remove these repos from the sources list after you're done with installing the needed packages.
FranzZ

Re: GnuTLS bug on LMDE

Post by FranzZ »

It seems that only version 3.2.11-1 is available on unstable as of today (gnutls28 : https://packages.debian.org/sid/libgnutls28).

EDIT: fixed typo.
Last edited by FranzZ on Thu Mar 06, 2014 11:31 am, edited 1 time in total.
Monsta
Level 10
Level 10
Posts: 3071
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Post by Monsta »

Stable? :shock:
kurotsugi

Re: GnuTLS bug on LMDE

Post by kurotsugi »

the security patch is on 3.2.11-2. if everything is good we'll get that tomorrow :3
godlanier

Re: GnuTLS bug on LMDE

Post by godlanier »

Monsta wrote:First, the patch has been applied not only to gnutls26 but also to gnutls28.

Second, both packages still haven't migrated to Testing (due to some build issue related to kfreebsd-i386 architecture), so anyone wishing to get the fixes should add Unstable, not Testing.

And the usual warning: don't forget to remove these repos from the sources list after you're done with installing the needed packages.
That's right, my bad, as for today the lastest patch for libgnutls26 (2.12.23-13) isn't in Testing yet, there's still the 2.12.23-12 version from the previous DSA, upgrade from Sid! (libgnutls26, libgnutls28, libgnutls-openssl27)
Monsta
Level 10
Level 10
Posts: 3071
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Post by Monsta »

Both packages migrated to Testing a few hours ago.

The most convenient way of upgrading all that's needed is to use:

Code: Select all

sudo aptitude install '?installed?source-package(gnutls26)'
This will upgrade all the packages that are built from the source package gnutls26.

The same goes for gnutls28:

Code: Select all

sudo aptitude install '?installed?source-package(gnutls28)'
User avatar
clem
Level 12
Level 12
Posts: 4303
Joined: Wed Nov 15, 2006 8:34 am
Contact:

Re: GnuTLS bug on LMDE

Post by clem »

Hi,

Both packages were upgraded in LMDE today.
Image
killer de bug

Re: GnuTLS bug on LMDE

Post by killer de bug »

Thanks a lot clem. :wink:
Locked

Return to “LMDE Archive”