Ubuntu alert USN-809-1 (gnutls12, gnutls13, gnutls26)
| From: | Jamie Strandboge <jamie@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-809-1] GnuTLS vulnerabilities | |
| Date: | Wed, 19 Aug 2009 18:55:26 -0500 | |
| Message-ID: | <20090819235526.GA11195@severus.strandboge.com> | |
| Cc: | bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk | |
| Archive‑link: | Article |
=========================================================== Ubuntu Security Notice USN-809-1 August 19, 2009 gnutls12, gnutls13, gnutls26 vulnerabilities CVE-2009-2409, CVE-2009-2730, https://launchpad.net/bugs/305264 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.7 Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.6 Ubuntu 8.10: libgnutls26 2.4.1-1ubuntu0.4 Ubuntu 9.04: libgnutls26 2.4.2-6ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730) Dan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409) USN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accomodate sites which must still use a deprected RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations. Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn... Size/MD5: 554667 4768cc0dd3cb878c8aa7afee2959ff29 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn... Size/MD5: 826 1ab9a0c1cd3523315282efcb7293dd75 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gn... Size/MD5: 3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 492490 417aa26bf006f9c6e73d4853e1f185c4 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 421410 902f41030e3b1108215df708f682a1da http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 289176 b73384d64a3bee761fa1b38367b6999c http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 644188 fd9c6da745ad172c2f1e0edcfb320769 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 446378 b0b93cf0f032fca74fcece6cf7731429 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 374228 468b5b516d97d226c6df96131eb33485 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 272962 1ce7bac47ed06578daeb459d45b18767 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 579552 94d654d3848c5acbe4a7afbe3d2681ca powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 485514 806fc0074fb1ec88484989f3dce6da08 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 392194 38ee631771c49b3f1ab47e0faa969222 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 289456 1c26b2f0e208115b908a5ae7cc5abd71 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 636918 667523ee75e49f717e4ecb08b3b99754 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 481994 a600a9e9e8468ad44665eb9bf9a4c473 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/li... Size/MD5: 377550 9b35ece6edfe90f6191e18bb8ceb6d5e http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 274108 8b3e86059633097417f55395324b3355 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 571492 58af8870aecef6783534609ad95accb7 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 31707 8e5c4a03d06ddb6a6dad9a32737814dc http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 1082 b4668c2bc960652bc89988a8f7125c6a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 5906571 bd783a052b892620534ecfbc4a9bfede Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gn... Size/MD5: 2507274 1643f1c93d8b8cc5310116d853e7a556 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 385124 531093a01e45186a704baa11dd93cf15 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 743652 e49fcdbd9e7f265ee4a332778f8731f3 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 344854 437916aa40d9b706f931721c4c88f731 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 30768 a23f85e68c3628243e4f2c7d31c2512a http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 140238 56a84d95d58846c1624409975d279fbe i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 345776 03ae7bead3c9c14d4dc47ce24b03319c http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 709966 5275636dc5156d7647e6b6c9f04828d1 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 307838 63028af698a596108220d25df7841539 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/li... Size/MD5: 31384 d7d636a89925e412a7d6ac6edcd87855 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls1... Size/MD5: 126498 f7f0dd38a5a4d42804ab3aa7c59b5a70 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 336692 bbdd4e1670b604bbb2d34d8960c0d2f8 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 724500 836998e3eb360bcbd38361aa4004f567 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 302048 e8a52c895868ef6cc45726ff43bc23bc http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 30792 c4638255fd9c5b2c50c6fad1c7ff7afc http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 127136 044da500eb2d345d7b338728602e7ef8 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 383998 3447424db1ce9f028fcec9cbfb463908 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 736142 7b9aca4c7f4737e335eff74bf12bb554 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 325900 50bc890b18ccbe235501218c82dd8457 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 31028 69d1559574debb89411184a64fa1b8aa http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 159464 d122c1d6d5d9ca2b6ab551e7aa273448 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-de... Size/MD5: 371056 b06b1a25e7642ec78454e2e7ac57133c http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-... Size/MD5: 659954 367c32c1fd12beb9846b6b8c88262ddb http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_... Size/MD5: 295620 c3a7bfa06cc0c2a86e40befb62588018 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx1... Size/MD5: 29454 a8d29e11ef888434ed363601a780d0a6 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-b... Size/MD5: 129498 231565b3154e43e6b6b1bae53e05bbb4 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 19423 b012c9270dbf34ba73cc5261768ea1f4 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 1665 fc013ee464ee8805adc97eab9a8e9a55 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 6059231 1eeaf1539ab42cf677df9035ab4b8db5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 2688708 7902dfa81c389717139bdbe46beae2a9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 450006 4744a1edddd93513ec3a6cd2da7f5ea9 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 1041708 7ca945c027d15eaceb5814475232d81f http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 412446 87249f9a4b27273ffc7a342ad671ab9f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 144698 4a0b38d61db72a4800736817c8427b9b http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 77296 70a3233015572f954ff1cf0d50be9e36 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 402408 eb4b0da30605dd69ba4ddf2639f04302 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 998786 80dd0d5f8ca38c7d0d4d698bdafa11ca http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 369068 a160d26b5c3c32b8fb2701cab094e6e0 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 130614 76f366c871f1a3c4721117b93f2b2bf4 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 71520 c69f3bbb3bd7eb3930b1535dad56f0b2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 391488 04e2d3028ae086398988a4d99d9a53a5 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 874982 b46bc24485abbdda0a3661e7400f13dd http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 361614 31d656e9e029a50e97643e973efdb30f http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 130282 3276c61532f604e85a8a07336f3b689b powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 440816 a2d45c80fd8f52b064088201f7dbd790 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 1042268 da18f50823e716773497ba0329ffb565 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 389332 eac27e6c9d20b7439e1b287a343668d9 http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 160064 975dd7b0bbe1ecea08b58105b5b8ff5f http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gn... Size/MD5: 77538 a84c6537a4f01334967ff195b42f7078 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 420528 811c15108877b91f24e23074c8fbd028 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 931060 70539c8fc2174101ee9698df3de28ea9 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 349258 042586c9605cfc90c179794e484bb660 http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 133212 a4ef9ce1a186fdca1db186f2e94ad0cc http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gn... Size/MD5: 69070 22ea6192f3421344a83b33741b28f70c Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 22213 16cd7a18ec444ee4b1cb2c4fa181c290 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 1704 45287164966155b7e31d7ffb581369ee http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 5984345 8fea7c57f4badcafcd31eb0f981f169a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gn... Size/MD5: 2690312 79c303c3b30595e4a6e5063587b37e18 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 450002 97ff5851fb28fad89565f85b725a7682 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 1042084 f3b66e3daaf57286d4cd1a67c3f9e074 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 412806 00b0e0f4c20fff1112c612bfb6ed9042 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 145008 beb700fcd80e16b2a3d1ddc05b6ef29f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 77278 4eead535839d3181256121af0f2ad181 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 402404 e7e036b8e128d4de72ecbe513ee2c7bd http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 998704 496a2c01c4244e173a16b1e7526dde59 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/li... Size/MD5: 369616 075888a30a325c12c203912995c40823 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 130922 d728c7ecc14d322b61153fe164846bda http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls2... Size/MD5: 71524 b12716d1a500f793e9c1f8fbc483992e lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 391528 0528cdadeefbba75edcce6e63e6e9d93 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 875300 8be5e16398da6e8cbac24227c581c124 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 362212 d1e26131c085f9e212cf4c737ffbc442 http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 130574 716af2377fa3034b5dcfacf9ef751ab4 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 440808 4186982218e239885c9003e7347c2f73 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 1042024 3162117293da663c134beb69c782ca76 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 389866 0ced018684aeb1548b2d3633854fb192 http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 160370 d19443b455a4a269fc486cc3ed06f613 http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gn... Size/MD5: 77538 c7cdad60919fdddcd667149c522eb6bb sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-de... Size/MD5: 420484 9b993e4bf1f08a752e8ccab73f647519 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-... Size/MD5: 930542 d1a196c6f79f4c3ce3cd5c34c91e7a23 http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_... Size/MD5: 349644 a2281af4ca4803d61d111bbc3615d8e5 http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-b... Size/MD5: 133354 6fd94b8f2b05ab7a64f35a890279698a http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gn... Size/MD5: 68998 bf826c0ea31d1f9a1ca930e0853b9cd1