| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Oct 2006 16:53:17 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-365-1] libksba vulnerability
===========================================================
Ubuntu Security Notice USN-365-1 October 16, 2006
libksba vulnerability
CVE-2006-5111
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libksba8 0.9.9-2ubuntu0.5.04
After a standard system upgrade you need to restart your session to
effect the necessary changes.
Details follow:
A parsing failure was discovered in the handling of X.509 certificates
that contained extra trailing data. Malformed or malicious certificates
could cause services using libksba to crash, potentially creating a
denial of service.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9-2ubuntu0.5.04.diff.gz
Size/MD5: 256789 7814506294c66d47a7acc67325acf5ba
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9-2ubuntu0.5.04.dsc
Size/MD5: 675 b3398604d25bcbcb7dda502b0b36428d
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9.orig.tar.gz
Size/MD5: 398846 458c6880f6cb191b65a6436877e413b8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.9.9-2ubuntu0.5.04_amd64.deb
Size/MD5: 132624 475f536666cc3b96aee0ccc6c9b3847d
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9-2ubuntu0.5.04_amd64.deb
Size/MD5: 92024 7eda61b96dedbdf5b73437819e3cbfc3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.9.9-2ubuntu0.5.04_i386.deb
Size/MD5: 118938 af9a322a0a826922f505c4949b1c67ad
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9-2ubuntu0.5.04_i386.deb
Size/MD5: 83352 49589a5bd441daf84384ed46809c296b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.9.9-2ubuntu0.5.04_powerpc.deb
Size/MD5: 133464 665fb8a0e1672bfbef24a23abde1eb18
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9-2ubuntu0.5.04_powerpc.deb
Size/MD5: 87838 2869d3fec34920fb112502a49fd995d6
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists