[USN-948-1] GnuTLS vulnerability
Jamie Strandboge
jamie at canonical.com
Thu Jun 3 23:08:54 UTC 2010
===========================================================
Ubuntu Security Notice USN-948-1 June 03, 2010
gnutls12 vulnerability
CVE-2006-7239
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libgnutls12 1.2.9-2ubuntu1.8
In general, a standard system update will make all the necessary changes.
Details follow:
It was discovered that GnuTLS did not always properly verify the hash
algorithm of X.509 certificates. If an application linked against GnuTLS
processed a crafted certificate, an attacker could make GnuTLS dereference
a NULL pointer and cause a DoS via application crash.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.8.diff.gz
Size/MD5: 558633 cfa2b4b5dca0d47cd1f99e40ec65a39a
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.8.dsc
Size/MD5: 827 525c9dffc5df8c6c312af2ea6d387548
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.orig.tar.gz
Size/MD5: 3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_amd64.deb
Size/MD5: 492576 1e3a14750f107c78ead283ebacb76750
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_amd64.deb
Size/MD5: 421484 63c7d9fe2694083aa660deb2c88f48ac
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_amd64.deb
Size/MD5: 289240 7d7f7c6a6d8eae25717ab86059f7f503
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_amd64.deb
Size/MD5: 644314 24566e8f7a17f027ac6a03e15ef9f0cc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_i386.deb
Size/MD5: 446466 bd160ef2aa91584b1da2552092a9baf4
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_i386.deb
Size/MD5: 374316 070a982b790588479d2ff20f3b74467e
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_i386.deb
Size/MD5: 273046 d5d27abcb746ec11676bc33e67054ef8
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_i386.deb
Size/MD5: 579606 022fc6f598ced60f89df44fc7e344493
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_powerpc.deb
Size/MD5: 485576 265f3737838d55b7086b4532b4782c4f
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_powerpc.deb
Size/MD5: 392298 c64576267ba35071e3849cb3ba0e0c61
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_powerpc.deb
Size/MD5: 289544 03137eecbe12b3b29ffdb1324a0142a7
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_powerpc.deb
Size/MD5: 636974 5ace4beaeeb425e52dc4530b8a2767b8
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.8_sparc.deb
Size/MD5: 482124 fe2acbbf637d0395c89076b55d9d1a49
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.8_sparc.deb
Size/MD5: 377674 a2b5715015b403d08c8418ee6505b341
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.8_sparc.deb
Size/MD5: 274178 63e516eda8eddd462e3e441e6db8c948
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.8_sparc.deb
Size/MD5: 571530 b44f3b90199eca351b71bd5a20108d28
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20100603/4314ffca/attachment.sig>
More information about the ubuntu-security-announce
mailing list