[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Can't install latest Electrum version


#1

I followed this guide https://www.whonix.org/wiki/Electrum and installed electrum from debian stretch-backports repository, but it installs version 3.1.3 which is old version, the latest version is 3.3.3. I tried to install the latest version following the instructions from electrum site, but it needs python 3.6, and the installed version of python is 2.7. I found some guides which show how to install python 3.6 from debian testing repository, which i haven’t tested, but will this break whonix security?


#2

Electrum version 3.1.3 is vulnerable to a phishing malware popup attack: http://electrum-malware.surge.sh/

Users should not be installing Electrum version 3.1.3, the wiki needs updating.


#3

Since there is not possible to install the latest 3.3.3 version via apt, what can happen if i use version 3.1.3? The warning from electrum site is:

Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack 1, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

Which means that if i don’t download fake version of electrum i will be safe. Is there any other risks of using version 3.1.3?


#4

As long as you use APT to install/update electrum (sudo apt-get install electrum // sudo apt-get update && sudo apt-get dist-upgrade) this vulnerability will not affect you.

As far as any other risks, there are always risks and/or unknown vulnerabilities.


#5

Yes, but updating electrum using apt will not be possible until debian include version 3.3.3 in its repository, correct? Which i think will not happen with the current debian stretch version, because electrum 3.3.3 needs python 3.6, and debian stretch do not use python 3.6.


#6

Correct.

Looks likely.
python3.6 is not stretch-backports, so unlikely indeed.
And worse so, python3.6 is not even in Debian buster, only in Debian sid.
https://packages.debian.org/sid/python3.6
https://tracker.debian.org/python3.6
https://tracker.debian.org/news/1025205/python36-removed-from-testing/


#7

This is what i don’t like in debian, it uses too many outdated packages.


#8

Hi @,

I am currently using Electrum-3.3.2 which is not recommended anymore.

Is there an easily and safest way to upgrade my current version to Electrum-3.3.4.?

Thank you for your greatful help.

Best regards,

Edit : I read the thread and it seems I can’t upgrade as python 3.6 is not available on debian stretch, would you please confirm ? Thanks


#9

Hi Cottonwoodhill

Good to see you again!

The latest version of Electrum available from the Debian repositories is electrum-3.2.3-1 . This is from the unstable (sid) repo.

https://packages.debian.org/sid/electrum

The only easy/safe way that i know to install electrum is from Debian repositories.

Please see:

https://whonix.org/wiki/Install_Software#Best_Practices


#10

Hi 0brand

It is always a pleasure to read you and I really appreciate the help & time you provide when somebody needs some support :grinning::+1:

Well, I’m still over there, reading & learing but you are right I haven’t posted for some time.

I’m gonna to have a look on your documentation but just to be sure, you wanted to point out the Electrum (3.2.3-1) version and not Electrum-3.3.2 which I am allready using ?

Thanks again and best regards.

Edit : typos, sorry for that.


#11

Correct. That was a typo. (my bad) Its electrum-3.2.3-1 installed from Debian unstable (sid). Keep in mind the older versions are vulnerable to the fishing attack vulnerability but that will not be a problem as long as you update your packages using APT.


#12

Correct. That was a typo. (my bad) Its electrum-3.2.3-1 installed from Debian unstable (sid). Keep in mind the older versions are vulnerable to the fishing attack vulnerability but that will not be a problem as long as you update your packages using APT.

Great :pray:
Thanks so much for your precision !
Have a nice day and read you soon :blush: