Hi,
Anyone any idea how to patch libgnutls26 using the following source:
http://www.ubuntu.com/usn/usn-2127-1/
Regards,
GK
http://www.zeit.de/digital/datenschutz/ ... eitsluecke
How to patch libgnutls26?
In slacko the update manager *should* work. But the version is patched from upstream so shows as the same version but a different build number.
To get the patched version:
1. Run updates manager form setup menu
2. go tp PPM and use the configuration utility to enable the Patches repo
3. Restart PPM
4, In the search box type gnutls
5. select the version from Patches repo and install
6. Restart your computer
To get the patched version:
1. Run updates manager form setup menu
2. go tp PPM and use the configuration utility to enable the Patches repo
3. Restart PPM
4, In the search box type gnutls
5. select the version from Patches repo and install
6. Restart your computer
Puppy Linux Blog - contact me for access
So it affects mainly WIFI wireless connections to a router .?If a remote attacker were able to
perform a man-in-the-middle attack,
this flaw could be exploited with
specially crafted certificates to view sensitive information.
The Zeit newspaper article mentiones only two lines .
But might be more .
I don't know if programs would need to be recompiled that use gnuTLS shared libraries .
Static compiles at least would need .
Seems to be patched
So what I did two weeks ago was downloading
https://launchpad.net/ubuntu/+archive/p ... 7_i386.deb
from
https://launchpad.net/ubuntu/+source/gnutls26
(click the triangle at "The Precise Pangolin" -> "2.12.14-5ubuntu3.7 updates, security (main)" and select the correct OS)
Then I extracted the deb-file and copied the libraries by hand to the corresponding locations.
The old file libgnutls.so.26.21.8 was of size 79xxxx byte (cannot remember, and are using another OS in the moment), the new file is of size 801644 byte so the two files differ at last.
Due to a reinstallation of puppy precise, I realized that reinstalling libgnutls using the package manager, i.e. simply clicking on the libgnutls item in ppm even though it is already installed, resulted in the same libgnutls.so.26.21.8 801644 byte file (I did no diff). So it seems the patched version is already in the repositories.
Regards,
GK
https://launchpad.net/ubuntu/+archive/p ... 7_i386.deb
from
https://launchpad.net/ubuntu/+source/gnutls26
(click the triangle at "The Precise Pangolin" -> "2.12.14-5ubuntu3.7 updates, security (main)" and select the correct OS)
Then I extracted the deb-file and copied the libraries by hand to the corresponding locations.
The old file libgnutls.so.26.21.8 was of size 79xxxx byte (cannot remember, and are using another OS in the moment), the new file is of size 801644 byte so the two files differ at last.
Due to a reinstallation of puppy precise, I realized that reinstalling libgnutls using the package manager, i.e. simply clicking on the libgnutls item in ppm even though it is already installed, resulted in the same libgnutls.so.26.21.8 801644 byte file (I did no diff). So it seems the patched version is already in the repositories.
Regards,
GK