Yesterday I wrote an article about how you can replace the version of Ubuntu named in your /etc/apt/sources.list file so you can upgrade to GnuTLS 3.2.15, which is only available in the Ubuntu 14.10 repositories at the moment and is the only version in the repositories that is not vulnerable to the latest GnuTLS exploit, according to ZDNet.
Well, I mentioned at the end of that post that doing that is not the recommended way of doing things, and that you should probably install GnuTLS from source. So I will tell you how to do that in this article, but instead of using GnuTLS 3.2.15, we will install 3.1.23, which is also not vulnerable to the latest GnuTLS vulnerability.
Why 3.1.23 though? Because to compile it you need to have libnettle 1.5 installed. That is the version that is available in the Ubuntu 14.04 repository. I tried manually installing GnuTLS 3.3.3, but it kept failing because it was looking for libnettle 1.7. I also tried installing libnettle 1.7 from source and got errors there too. Trust me, upgrading to Ubuntu 14.04 and installing GnuTLS 3.1.23 will be less of a headache.
Anyway, here is how you do it:
- Install the prerequisites:
    sudo apt-get install build-essential nettle-dev libgmp-dev
- Download the GnuTLS source files:
    wget ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-3.1.23.tar.xz
- Extract the files:
    unxz gnutls-3.1.23.tar.xz && tar -xvf gnutls-3.1.23.tar
- Change into the build directory:
    cd gnutls-3.1.23
- Compile and install (the install step writes to /usr/local, so it needs root):
    ./configure && make && sudo make install
- Add a symlink to your libgnutls.so.28 file so gnutls-cli can tell us what version we are running:
    sudo ln -s /usr/local/lib/libgnutls.so.28 /usr/lib/libgnutls.so.28
    gnutls-cli 3.1.23
    Copyright (C) 2000-2012 Free Software Foundation, all rights reserved.
    This is free software. It is licensed for use, modification and
    redistribution under the terms of the GNU General Public License,
    version 3 or later <http://gnu.org/licenses/gpl.html>

Boom! Hack me now!
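
A source build under /usr/local only helps programs that actually load it, so it is worth checking which libgnutls file a given binary resolves to, following symlinks such as the one created in the last step. The script below is an added example, not part of the original post; the function names and the /usr/local/lib default (configure's default prefix) are assumptions.

```sh
#!/bin/sh
# Added example: report which libgnutls a binary really loads.
# Function names are illustrative; /usr/local/lib is assumed to be
# where the source build was installed (the default ./configure prefix).

# Read `ldd` output on stdin, print "<soname> <path>" for each libgnutls entry.
gnutls_entries() {
    awk '$1 ~ /^libgnutls\.so/ && $2 == "=>" && $3 ~ /^\// { print $1, $3 }'
}

# Resolve symlinks, then say whether the real file lives under the prefix.
# $1 = library path as printed by ldd, $2 = lib directory of the source build
lib_origin() {
    real=$(readlink -f "$1") || return 2
    case "$real" in
        "$2"/*) echo "source-build $real" ;;
        *)      echo "other $real" ;;
    esac
}

# Check one binary: one output line per libgnutls it links against.
# $1 = binary to inspect, $2 = optional lib directory of the source build
check_binary() {
    bin=$1
    prefix=${2:-/usr/local/lib}
    ldd "$bin" 2>/dev/null | gnutls_entries | while read -r soname path; do
        echo "$bin: $soname -> $(lib_origin "$path" "$prefix")"
    done
}

# Stand-alone use: sh check-gnutls.sh /usr/local/bin/gnutls-cli /usr/bin/wget ...
for b in "$@"; do
    check_binary "$b"
done
```

Any binary reported as `other` is still using a libgnutls that did not come from the source build, whatever version gnutls-cli itself prints.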