Advertisement
Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.
| |||||||||||||||||||
|
| |||||||||||||||||||
Ubuntu alert USN-678-1 (gnutls12, gnutls13, gnutls26)
=========================================================== Ubuntu Security Notice USN-678-1 November 26, 2008 gnutls12, gnutls13, gnutls26 vulnerability CVE-2008-4989 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.3 Ubuntu 7.10: libgnutls13 1.6.3-1ubuntu0.2 Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.2 Ubuntu 8.10: libgnutls26 2.4.1-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn... Size/MD5: 556581 825f012f5f264a77aa48bc8237b09d31 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn... Size/MD5: 826 6f3ff10d39665a8edbc9ecb7659e44a5 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn... Size/MD5: 3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 491408 1f002f527101e0c6b683df30227a7ca0 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 420380 fad27dc852a16adc44117756d62d0e17 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 288320 ca153dc86b855b30333ac9407baf886b http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 642572 3c2bffa8a273e94840d906598a10b6ab i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 445236 984ccd2668b22c08228f5ad3b9118ad7 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 373076 a744503b6872148d7373e8d744cb3f8b http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 272158 ced0c086b69cb662aeb9119d6d636640 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 578152 e439ae0a247dfbf126fef190a5ca48c4 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 484276 42f151775cd25182b5a9fc9877c3d7f0 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 390990 1853a0b9e01b9c63c4f362debf6f763a http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 288554 54b1294ed778ae7249ceb189b7e6b1ea http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 635362 475152ab34d9f3ee43a8a26af5b550ef sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 480588 c34fec376c595b7a5a56a34317ed1e7e http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 376316 52a579600230e2f8847d4675013b19ff http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 273296 7f8a07e78f7801a40d465da9fd000b2b http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 570398 6b370ca110159f2b78e61b979790afeb Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 19375 230b40aa08ab30fe901cc6c42717e65c http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 1075 0268db7d5539ff6bb1bbf575351761e3 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 5071704 3c71020126ac827319183268c97336fe Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 2405926 0ed3fb7c4e7ec68f472a91eff67ec8f8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 437430 533efa25844f98f6391d3c077845a48a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 791974 3636d444f25329d5a2fe158d23366ca3 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 346496 8f09afdace298b2f42b579d09506ab96 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 104710 d51b891625723947670ea8a30cd9520b http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 212240 74f02b2f1d814f366e8854f4385739e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 399946 023fbb5a0d1084e5e4dd5f306b90c66a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 764338 240dc153f2de7cdc9e6e577b758dbf1d http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 314550 0d9affea97ad8c122ffc775af9329faf http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 105422 7247759f5de99adc6d46200c815e4619 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 198596 5c58072bf9f6755fd3728e2836c0159d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 392512 4419c6d6548a8e80ce2efc945d4df95e http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 777470 da11473218d2e367c80b99e9eb6be0d1 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 308800 84d7a527292e5ee3cb4ec4850121ff32 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 104852 f3b56c896026ba5d37e5286906fe7382 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 199294 a486c31eb07b2eab491fe5d839f4059f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 438938 baa70879936f85e5e5b8083e0826a82b http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 791674 2e18b251be6a1103a0b69e18e5b0d804 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 336274 f3ddef4a8c5656b79e0dab558ff0ab43 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 105030 896eada71253af6b610a3a9ac3332f3d http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 230882 7ece86ed75e93651cef01752b999e075 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 424672 4bb786c4e778fd12993f871568ddd5d4 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 715632 210344d0f1431fa5754efb79a17aca86 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 304474 fc6a6dd54487c356c0b15c6366b462a4 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 103420 0d13113a5606886a7668226c11ceb0a5 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 202256 3919b1a92727f6ecfe70bc60722eaae3 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 24616 5b6a5c672a3f52a1a8a88a561af44fcc http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 1082 65030a592390d7e06b19cd453fd5ee85 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 5906571 bd783a052b892620534ecfbc4a9bfede Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 2506624 5737eb362a91ea1314ef0baf4bb31602 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 384320 902f11dc2c69bee94a42a4be30721c56 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 743530 b4a59dd1a82b6042d9ecdb0c35ddd183 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 343592 e86fab98731afec4dc7b931bc02e6bfd http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 30764 0321c62844c837d7077ed27ce6b53d09 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 140222 b49b6cf5b7b9d97ce2bb909dab0441ab i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 344716 c2deb5336fad004d1c2ee10059ec00ec http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 709730 cb80bca213f03b553332ee99aabd4426 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 306616 d51295a377e4fccd435d1cf54f4adc03 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 31374 ff10b3e953a549a68f5dcb2ae7f38d66 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 126498 972ae4f4958f8922173d016826f89caf lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 335730 6550a75b5c2db1f37e7d33ba72f892e2 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 724018 c77eeb5d86fa23692b77878cda89e3de http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 300776 21544198575ef14b672ac954555ea35a http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 30790 34fc23a6c4cde8425cba85aa78c72490 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 127138 9b7f63a5c900a018f2deab1249851783 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 383290 0b2d13114b6e000cfd3f18293d4ca3ed http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 735584 b22ecc8a3d7e1477a2ff476f93162d7e http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 324712 3130b4223a05cc01b96733e30ff1687d http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 30980 b8f5ab5d16294fc33784048b0cc87709 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 159478 a8f6a5e967fc7c2f2a3cd43416397f67 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 370214 94238f132fa7a9e0cc830bb58e417231 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 659732 8ca55c37f9c0a6cb82936519098d87d9 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 294320 cb4b4a359124167cd720702ca18dd9e5 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 29454 d32ec9f4abfbdc6f0999a79f24c8bffe http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 129500 9880b2f4add13cf5557ccb6087fceb62 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 15241 723c3384a94a346b7a779e01e29ada53 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 1581 7ce2656c86ce2d08b4ec7aef0486e867 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 6059231 1eeaf1539ab42cf677df9035ab4b8db5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 2688186 014ab9ad92f6b7c0838133cbace79870 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 449250 e6d480b5b2ac1e3cf774d6c83f0dd55e http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 1041110 226bf514d39627542a8a850d9e91a602 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 411122 998dd3146bb6b8526bebbd64d73a3922 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 144696 b4d78fb16b3b2afcd2bcceb50d10e934 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 77292 971b6f7718ebbeb8288c2d2838d48f3d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 401508 145166dbc2e35b7dd7000c510dba5c09 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 998272 02537a9c673805b60133634a95d82be8 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 367754 a81f7f34d2f4e3d73cc0c6fa39a64d10 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 130622 0ec88456caa2f921a1427c7b383fcf8e http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 71518 8dec3f873e02651514c95e9c70c586ed lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 390564 de4c056ee88fb6b7827abed822da6657 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 874402 442822fa32d636851a464c80bd212d10 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 360258 f9916a9e7535ea18af974f4dbbd6d4bf http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 130268 df52123209b80ff75545453d41eb3b03 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 440026 d7c7bd80fba09323f0e0ac3613ea0569 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 1041772 3a4458097a15c93107f12ea509ab8777 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 388092 587419b9c159c3254e93ca2ad482b050 http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 160038 26b05d2db44b3a0d4b112996841f60f3 http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gn... Size/MD5: 77530 1d9dc955ebfe6bb5c771780014d7de4d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 419632 ede5870777eac1459d732b533c182201 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 930414 51d4d3fa0aa7702c471a8ee15066c37a http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 347990 4926ba4e23c607c58b15c1eb375fd46b http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 133206 9c0a4c8e6c86cea663c243dd5d56fb6a http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gn... Size/MD5: 69064 8b39b8032caa06088770426acf0d90de -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security... (Log in to post comments)
|
|
||||||||||||||||||