LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Ubuntu alert USN-613-1 (gnutls12, gnutls13)



From:
    	      Kees Cook <kees@ubuntu.com>


To:
    	      ubuntu-security-announce@lists.ubuntu.com


Subject:
    	      [USN-613-1] GnuTLS vulnerabilities


Date:
    	      Wed, 21 May 2008 07:34:46 -0700


Message-ID:
    	      <20080521143446.GP12850@outflux.net>


Cc:
    	      bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk


=========================================================== 
Ubuntu Security Notice USN-613-1               May 21, 2008
gnutls12, gnutls13 vulnerabilities
CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgnutls12                     1.2.9-2ubuntu1.2

Ubuntu 7.04:
  libgnutls13                     1.4.4-3ubuntu0.1

Ubuntu 7.10:
  libgnutls13                     1.6.3-1ubuntu0.1

Ubuntu 8.04 LTS:
  libgnutls13                     2.0.4-1ubuntu2.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

Multiple flaws were discovered in the connection handling of GnuTLS.
A remote attacker could exploit this to crash applications linked
against GnuTLS, or possibly execute arbitrary code with permissions of
the application's user.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn...
      Size/MD5:   557563 d4a7ed44e30292434380ed775ee7cee2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn...
      Size/MD5:      818 d46f4919e3988219afc3c80035113f28
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn...
      Size/MD5:  3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   491268 3f1429fa95d972c51f48503d5595f268
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   420252 3092516052888efd60451e865f729426

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   288160 76016ded0ab79a6aa017aebe328e39be

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   642376 013235b59022b6a231976f29f60c90f6

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   445066 1c333142fc9c0c1cc603f05fb8e10e04
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   372978 1c4022f8f8b61029fc28722861a7c88f

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   271984 ce0d0c0374b5b989d5757798a779623e

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   578016 d9986a566aea73078d41ff9dbd3a6154

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   484130 98bb92742c5ebac7b22bb01bff8a1bda

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   390752 41c3c6175c55b99f62e7a28a1d28aa74

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   288398 f62de58a80a67a5dff81abc77e896777

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   635166 125724549d9a528281ee78d0b4029d4c

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   480438 b5802b82ddb4070da70870cde4c0056f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li...
      Size/MD5:   376204 7f8da2b38f6874e1c2845703a70b932a

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   273124 90963120c7d1b8ae3596d4fab4110da1

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   570222 83f37a221499cdc6b44eebc891d6d023

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:    19295 7ede58c7bbcd6215beb11547965ecc15
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:     1049 f27e68df974f39781754f63d306b0639
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:  4752009 c06ada020e2b69caa51833175d59f8b2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:  2307388 ca811f6556d307e6cf93b14786d51f75

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   393370 c1e6fb2c19a59df693d8292723767cd2

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   544788 5c4040ce92955476d9a4839fa7723691
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   324090 9582e129d9e7d8b8883e1fc58c676df0

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   185440 3e4f85cb58ff46e6047859c9e40eae3b

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   358054 3df1d27b5056aabe2d3e2633b7d9a422

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   527888 05b3b005330fcc3db7ad0347c2c8cff8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   289762 b523eca841531907ea5d5efed425263e

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   172700 1ca9e38c4410ee606c75b16be88a8326

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   394926 fc26cab41ec334bfc1ebebaa387fa594

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   541752 78addd1a470b8e9321357a62fb7a052a

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   309276 d6e6a8e3d05c3fdab87fc9f58ad88d4f

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   200272 ab06358a1f996cd32d9a4220659af73b

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   383170 5e0dbd0ae23158190f77da174462e555

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   495058 3f068d4fef0a3f700744195ac42265c6
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   279794 dae2786e8ea02904b7b3edfc696b45dc

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   175844 78e930a0041adc3f88da1e3cb475de79

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:    19000 3f8d96094c8661848bab6126ca5c95e3
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:     1067 4576864997e6d4a18816d3836c7f22b1
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:  5071704 3c71020126ac827319183268c97336fe

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:  2405598 1afd1b3300d9c94cd2809d6a7f8eb3ae

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   437310 eac97e36c5f87d9d47068224126ce142

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   791796 a95cb94ffb27ccbc82f8f831a2696319
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   346308 97982fae446f511a52c8435c40a02722

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   104558 7c27e8051d52090073a92c5d14b437c5

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   212032 9bc11aa6c5c254fb42fb3084582a87e4

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   399832 f563e359ee1f44e7a642f47b6b6bcb76

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   764122 14983188783b81b0fb4d89f37c1777cd
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   314338 d4241906f687259f4331bf0b204089aa
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   105266 1394d69817ee438dcb67c576b7b16513

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   198408 250926d17291a45ad7d317f9fd23e546

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de...
      Size/MD5:   392398 1d822d99b4630d6fab5ace9637e9ac36
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-...
      Size/MD5:   777340 768e33d726889b6537b1070fcde37e55
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_...
      Size/MD5:   308630 e16925d7042539c06a5c2a38ebb830a6
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1...
      Size/MD5:   104704 f6b04712b96b59cd9a599dca9d17ba54
    http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b...
      Size/MD5:   199098 007bc39b60ca73fba703c5338d9f272f

  powerpc architecture (Apple Macintosh G3/G4/G5):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   438872 8bb78c2713235382714e0920faa63b12

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   791520 a638665d0b2fb57604485296edc3d6e6

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   336164 5300c4c742285fcc735750b25240fce5

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   104884 c1cdd29d2da2c41c21bb9b4572d6ca2a

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   230704 a78a003c50f7706f686391bfeb19beb4

  sparc architecture (Sun SPARC/UltraSPARC):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   424566 82e7830039d630e2aa7bcf860941f49e

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   715502 e43a1d75532c74e49c70e9546052118e
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   304352 c49470588be5ae95b24bab1a637d38f9

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   103276 961ce89ff41717ad809d7f6b0b5925d3

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   202072 f91e80c948cdbd5f92fbd865ce0189dd

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:    24271 52bcb7cd9df708d88e72bcb1b66e9930
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:     1074 0ffbdd72dcf0aefc00c3cdbc013534ce
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:  5906571 bd783a052b892620534ecfbc4a9bfede

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn...
      Size/MD5:  2506366 157efc628e6a17dc4ff814eb2d7f1718

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):


http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   384388 8b98efe0646c7b11db3f4e6b4a1b6562

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   743526 31826ecc14af6c6ad6d42d31e710420e
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   343430 0667362f9f364001299939eb58797e89

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:    30768 47a27b0e7dc33c2768d8a9f7ca74f7d8

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   140234 ff537941a89f1c9d799a10deb9430011

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   344760 12b47348304ff5368017a412c10c19db

http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   709748 c5dcfcf5e3302d26dd9ca121cde6d4e7
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:   306494 5b0997b658ac5a2da3a1e487d37cc8e4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li...
      Size/MD5:    31376 8c39034713c7e0f8e0de5a873dfa63d2

http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1...
      Size/MD5:   126506 0b627efa3c5353c5df22069915a337f1

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de...
      Size/MD5:   335788 298679594694c02b9716c8d14e28ba7d
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-...
      Size/MD5:   724042 57a32c1e5570025337defe3efd11482c
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_...
      Size/MD5:   300674 5a79308f0bc4ba0830301bf77be279d0
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1...
      Size/MD5:    30798 a8c2caa502b38a7facb79bacd984cd74
    http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b...
      Size/MD5:   127138 65c6cadd4ebef92e1cdc2fe4c851fedf

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de...
      Size/MD5:   383354 a86484729ce85d142f787e3b9667b658
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-...
      Size/MD5:   735644 53a01314db40c90619c7c64bf777c0d8
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_...
      Size/MD5:   324618 5cf33680e8fb34ee15f050825b796e3e
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1...
      Size/MD5:    30980 88e0cc1619f94d198e40ce5a596c60c3
    http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b...
      Size/MD5:   159484 0205b31b42607fc30ae89a76f03ee1aa

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de...
      Size/MD5:   370242 9af51ec5b21acab76d3e51ffd1033ba4
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-...
      Size/MD5:   659758 2bf757bc460527d35cae6c56e4d196e5
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_...
      Size/MD5:   294234 09858134b071cb04190db2e5f88beabe
    http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1...
      Size/MD5:    29460 3e5dbc73fbb4b7b30ef5bab36d61e627
    http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b...
      Size/MD5:   129508 6e7e52108fc9b02428d79b784f9b5f23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds