[USN-948-1] GnuTLS vulnerability

Jamie Strandboge jamie at canonical.com
Thu Jun 3 23:08:54 UTC 2010


===========================================================
Ubuntu Security Notice USN-948-1              June 03, 2010
gnutls12 vulnerability
CVE-2006-7239
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgnutls12                     1.2.9-2ubuntu1.8

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that GnuTLS did not always properly verify the hash
algorithm of X.509 certificates. If an application linked against GnuTLS
processed a crafted certificate, an attacker could make GnuTLS dereference
a NULL pointer and cause a DoS via application crash.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.8.diff.gz
      Size/MD5:   558633 cfa2b4b5dca0d47cd1f99e40ec65a39a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.8.dsc
      Size/MD5:      827 525c9dffc5df8c6c312af2ea6d387548
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.orig.tar.gz
      Size/MD5:  3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_amd64.deb
      Size/MD5:   492576 1e3a14750f107c78ead283ebacb76750
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_amd64.deb
      Size/MD5:   421484 63c7d9fe2694083aa660deb2c88f48ac
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_amd64.deb
      Size/MD5:   289240 7d7f7c6a6d8eae25717ab86059f7f503
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_amd64.deb
      Size/MD5:   644314 24566e8f7a17f027ac6a03e15ef9f0cc

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_i386.deb
      Size/MD5:   446466 bd160ef2aa91584b1da2552092a9baf4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_i386.deb
      Size/MD5:   374316 070a982b790588479d2ff20f3b74467e
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_i386.deb
      Size/MD5:   273046 d5d27abcb746ec11676bc33e67054ef8
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_i386.deb
      Size/MD5:   579606 022fc6f598ced60f89df44fc7e344493

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_powerpc.deb
      Size/MD5:   485576 265f3737838d55b7086b4532b4782c4f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_powerpc.deb
      Size/MD5:   392298 c64576267ba35071e3849cb3ba0e0c61
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_powerpc.deb
      Size/MD5:   289544 03137eecbe12b3b29ffdb1324a0142a7
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_powerpc.deb
      Size/MD5:   636974 5ace4beaeeb425e52dc4530b8a2767b8

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_sparc.deb
      Size/MD5:   482124 fe2acbbf637d0395c89076b55d9d1a49
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_sparc.deb
      Size/MD5:   377674 a2b5715015b403d08c8418ee6505b341
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_sparc.deb
      Size/MD5:   274178 63e516eda8eddd462e3e441e6db8c948
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_sparc.deb
      Size/MD5:   571530 b44f3b90199eca351b71bd5a20108d28
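
Added example (not part of the original advisory or of any Ubuntu tooling): a small Python parser for the "URL / Size/MD5" listing format used above, which checks downloaded bytes against the listed size and MD5. The function names, the example.invalid URL and the sample bytes are constructed for illustration; the .dsc entry is copied from the listing above.

```python
import hashlib
import re

# One listing entry: a URL line followed by an indented "Size/MD5:" line.
ENTRY_RE = re.compile(
    r"^[ \t]*(https?://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5:[ \t]+(\d+)[ \t]+([0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)


def parse_listing(text):
    """Map file name -> (url, size, md5) for every entry in a USN file listing."""
    manifest = {}
    for url, size, md5 in ENTRY_RE.findall(text):
        manifest[url.rsplit("/", 1)[-1]] = (url, int(size), md5)
    return manifest


def check_file(name, data, manifest):
    """Compare downloaded bytes with the listing and return a status string."""
    if name not in manifest:
        return "unlisted"
    _url, size, md5 = manifest[name]
    if len(data) != size:
        return "size-mismatch"
    # MD5 detects accidental corruption only; it is not collision resistant.
    if hashlib.md5(data).hexdigest() != md5:
        return "md5-mismatch"
    return "ok"


# Constructed sample: one real entry from the advisory, one made-up entry
# whose size and MD5 are computed from SAMPLE_DATA so the check can pass.
SAMPLE_DATA = b"constructed package bytes, not a real .deb"
SAMPLE_LISTING = (
    "  Source archives:\n\n"
    "    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.8.dsc\n"
    "      Size/MD5:      827 525c9dffc5df8c6c312af2ea6d387548\n"
    "    http://example.invalid/pool/constructed_1.0_all.deb\n"
    f"      Size/MD5:   {len(SAMPLE_DATA)} {hashlib.md5(SAMPLE_DATA).hexdigest()}\n"
)

if __name__ == "__main__":
    manifest = parse_listing(SAMPLE_LISTING)
    for name in manifest:
        print(name, manifest[name][1], manifest[name][2])
    print(check_file("constructed_1.0_all.deb", SAMPLE_DATA, manifest))
    print(check_file("constructed_1.0_all.deb", SAMPLE_DATA[:-1], manifest))
```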


