Message-ID: <20050513094650.GK8016@piware.de>
Date: Fri, 13 May 2005 11:46:50 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-126-1] GNU TLS library vulnerability
===========================================================
Ubuntu Security Notice USN-126-1 May 13, 2005
gnutls11, gnutls10 vulnerability
CAN-2005-1431
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libgnutls10
libgnutls11
libgnutls11-dbg

The problem can be corrected by upgrading the affected package to
version 1.0.4-3ubuntu1.1 (for Ubuntu 4.10), or 1.0.16-13ubuntu0.1 (for
Ubuntu 5.04). For most desktop applications, a standard system
upgrade is sufficient to effect the necessary changes. However, if you
are using server and long-running applications that use libgnutls
(cupsys, exim4, Gaim), you must restart them manually. If you can
afford to reboot your machine, this is the easiest way to ensure that
all services using this library are restarted correctly.

Details follow:

A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing sanity check of the
padding length field, specially crafted ciphertext blocks caused an
out-of-bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker-specified code.
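The kind of padding length check described above, as an added example that is not part of the original notice and is not GnuTLS code. It assumes the TLS 1.0 CBC record layout (payload, MAC, padding, padding length byte) and a 20-byte MAC; the function names and the 32-byte sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 20 /* assumed HMAC-SHA1 tag size */

/* Decrypted CBC record layout: payload || MAC || padding || pad_len.
 * Unchecked form: believes pad_len, so the computed payload length can
 * go negative and later indexing would fall outside the buffer. */
long payload_len_unchecked(const uint8_t *rec, size_t len)
{
    return (long)len - (rec[len - 1] + 1) - MAC_LEN;
}

/* Checked form: returns the payload length, or -1 for a malformed record.
 * Not constant-time; a real record layer must also avoid revealing which
 * check failed. */
long payload_len_checked(const uint8_t *rec, size_t len, size_t block)
{
    if (rec == NULL || len == 0 || block == 0 || len % block != 0)
        return -1;
    size_t pad = rec[len - 1];
    if (pad + 1 + MAC_LEN > len)            /* padding length sanity check */
        return -1;
    for (size_t i = 0; i < pad; i++)        /* TLS: each pad byte == pad_len */
        if (rec[len - 2 - i] != pad)
            return -1;
    return (long)(len - pad - 1 - MAC_LEN);
}

/* Constructed sample: 32-byte record (8 payload, 20 MAC, 3 pad, pad_len),
 * with the final pad_len byte replaced by `claimed`. */
long demo(uint8_t claimed, int checked)
{
    uint8_t rec[32];
    memset(rec, 0xAA, sizeof rec);
    memset(rec + 28, 3, 4);
    rec[31] = claimed;
    return checked ? payload_len_checked(rec, sizeof rec, 8)
                   : payload_len_unchecked(rec, sizeof rec);
}

int main(void)
{
    printf("valid pad=3:  checked=%ld\n", demo(3, 1));
    printf("claimed 200:  unchecked=%ld checked=%ld\n", demo(200, 0), demo(200, 1));
    return 0;
}
```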
Updated packages for Ubuntu 4.10 (Warty Warthog):
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):