Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 22 Oct 2014, 22:21
All times are UTC - 4
 Forum index » Off-Topic Area » Security
GnuTLS and other recent Linux security bugs
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [3 Posts]  
Author Message
6502coder

Joined: 23 Mar 2009
Posts: 96
Location: Western United States

PostPosted: Fri 06 Jun 2014, 14:44    Post subject:  GnuTLS and other recent Linux security bugs  

Here are 3 links to very recent ZDnet articles. Can a knowledgeable guru comment on whether Puppy Linux users are at risk and what the prospects of getting fixes might be? I guess that Precise Puppy users might be able to get fixes from the Ubuntu repos, but what about Wary/Racy and 4.x users?

The uncertainty about getting fixes for these kinds of bugs is about the only thing that makes me hesitate to recommend Puppy more often.

"The security team behind the Debian distro are urging users to upgrade their Linux packages after patching a newly-found flaw in the Linux kernel...."

http://www.zdnet.com/patch-ready-for-newly-discovered-linux-kernel-flaw-7000030294/

"New OpenSSL breach is no Heartbleed, but needs to be taken seriously"

http://www.zdnet.com/new-openssl-breech-is-no-heartbleed-but-needs-to-be-taken-seriously-7000030273/?s_cid=e539&ttag=e539&ftag=TRE17cfd61

"Linux PCs running Ubuntu, Debian, and RedHat and an unknown number of applications are at risk again after researchers discovered a critical flaw in the GnuTLS secure communications library..."

http://www.zdnet.com/another-serious-gnutls-bug-exposes-linux-clients-to-server-attacks-7000030205/
Back to top
View user's profile Send private message 
balloon


Joined: 02 Oct 2013
Posts: 45
Location: Miyagi, Japan

PostPosted: Sat 07 Jun 2014, 02:15    Post subject:  

When Heartbleed was shown, I took action about update of OpenSSL.
This is because it judged Heartbleed to have a big adverse effects for Puppy.
There is no problem convinced that the correspondence is necessary for the recent security issues for the moment.

The versions such as Precise, Lucid(Ubuntu), slacko(Slackware) and dpup(Debian) are updated by a package of reference distribution.
The update of the problem package is possible using of "Puppy Package Manager" about these.

Because we can update a package in "apt", we do not have to make a problem about DebianDog.

Attention:
server is targeted for the update of the package now about Lucid.
Therefore the packages such as OpenSSL can install an updated latest edition package.

_________________
BALLOON a.k.a. Fu-sen. ふうせん Fu-sen. (old: 2 8 6) from Japan
Precise-571JP (Japanese Edition)
Puppy Food ぱぴ〜ふ〜ど http://puppylinux-food.zohosites.com/
Back to top
View user's profile Send private message Visit poster's website 
OscarTalks

Joined: 05 Feb 2012
Posts: 901
Location: London, England

PostPosted: Sat 07 Jun 2014, 10:31    Post subject:  

When the heartbleed bug was announced I compiled openssl-1.0.1g in Dpup Wheezy.

I later discovered that curl (and libcurl) was complaining about "no version information available" for libssl.so.*.

I don't think this is a fatal error but I was compiling icecast which depends on libcurl for directory listing and that feature wasn't working. Not sure if there is perhaps some other problem with curl as well.

Anyway, I compiled the latest curl-7.37.0 and that seems to have fixed everything.

So just to say that for anyone upgrading openssl, keep on the lookout to make sure other stuff is not getting broken. If I upgrade openssl to 1.0.1h now I will have to check curl again I suppose.

LATER:-
I compiled openssl-1.0.1h and installed it and my curl / libcurl package still seems to be OK. I have uploaded it to http://smokey01.com/OscarTalks but please NOTE that it is only for Dpup Wheezy and not other Pups.

_________________
Oscar in England

Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [3 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0525s ][ Queries: 12 (0.0092s) ][ GZIP on ]