GnuTLS bug on LMDE

Archived topics about LMDE 1
Forum rules
godlanier
Level 1
Level 1
Posts: 2
Joined: Wed Mar 05, 2014 6:37 pm

GnuTLS bug on LMDE

Postby godlanier » Wed Mar 05, 2014 7:17 pm

Must of you should've heard about the last security issue discovered by an auditor in Red Hat that affects the SSL/TLS library and put in risk our online security, most main distros already released patches for the affected packages, including Debian.

I didn't find the patched version on LMDE, when I made an update & #aptitude show libgnutls26 the output was Version: 2.12.23-8 (an affected version)

Adding the official Debian repo for Jessie (through the mintUpdate GUI if you prefer) will let you upgrade this package to solve this important security issue:

Code: Select all

deb http://http.us.debian.org/debian/ testing main contrib

Monsta
Level 9
Level 9
Posts: 2925
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Postby Monsta » Thu Mar 06, 2014 3:19 am

First, the patch has been applied not only to gnutls26 but also to gnutls28.

Second, both packages still haven't migrated to Testing (due to some build issue related to kfreebsd-i386 architecture), so anyone wishing to get the fixes should add Unstable, not Testing.

And the usual warning: don't forget to remove these repos from the sources list after you're done with installing the needed packages.

FranzZ
Level 1
Level 1
Posts: 1
Joined: Thu Mar 06, 2014 4:44 am

Re: GnuTLS bug on LMDE

Postby FranzZ » Thu Mar 06, 2014 4:47 am

It seems that only version 3.2.11-1 is available on unstable as of today (gnutls28 : https://packages.debian.org/sid/libgnutls28).

EDIT: fixed typo.
Last edited by FranzZ on Thu Mar 06, 2014 11:31 am, edited 1 time in total.

Monsta
Level 9
Level 9
Posts: 2925
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Postby Monsta » Thu Mar 06, 2014 5:28 am

Stable? :shock:

kurotsugi
Level 6
Level 6
Posts: 1055
Joined: Fri Jan 25, 2013 3:54 am

Re: GnuTLS bug on LMDE

Postby kurotsugi » Thu Mar 06, 2014 9:03 am

the security patch is on 3.2.11-2. if everything is good we'll get that tomorrow :3

godlanier
Level 1
Level 1
Posts: 2
Joined: Wed Mar 05, 2014 6:37 pm

Re: GnuTLS bug on LMDE

Postby godlanier » Thu Mar 06, 2014 10:20 am

Monsta wrote:First, the patch has been applied not only to gnutls26 but also to gnutls28.

Second, both packages still haven't migrated to Testing (due to some build issue related to kfreebsd-i386 architecture), so anyone wishing to get the fixes should add Unstable, not Testing.

And the usual warning: don't forget to remove these repos from the sources list after you're done with installing the needed packages.


That's right, my bad, as for today the lastest patch for libgnutls26 (2.12.23-13) isn't in Testing yet, there's still the 2.12.23-12 version from the previous DSA, upgrade from Sid! (libgnutls26, libgnutls28, libgnutls-openssl27)

Monsta
Level 9
Level 9
Posts: 2925
Joined: Fri Aug 19, 2011 3:46 am

Re: GnuTLS bug on LMDE

Postby Monsta » Thu Mar 06, 2014 1:02 pm

Both packages migrated to Testing a few hours ago.

The most convenient way of upgrading all that's needed is to use:

Code: Select all

sudo aptitude install '?installed?source-package(gnutls26)'
This will upgrade all the packages that are built from the source package gnutls26.

The same goes for gnutls28:

Code: Select all

sudo aptitude install '?installed?source-package(gnutls28)'

User avatar
clem
Level 15
Level 15
Posts: 5661
Joined: Wed Nov 15, 2006 8:34 am
Contact:

Re: GnuTLS bug on LMDE

Postby clem » Sat Mar 08, 2014 8:23 am

Hi,

Both packages were upgraded in LMDE today.
Image

User avatar
killer de bug
Level 12
Level 12
Posts: 4336
Joined: Tue Jul 08, 2008 1:49 pm
Location: Graz, Austria

Re: GnuTLS bug on LMDE

Postby killer de bug » Sat Mar 08, 2014 8:42 am

Thanks a lot clem. :wink:
Image
If it ain't broke, fix it until it is.


Return to “Archive”

Who is online

Users browsing this forum: No registered users and 4 guests