lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060216173929.GA5906@piware.de>
Date: Thu, 16 Feb 2006 18:39:29 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-251-1] libtasn vulnerability

===========================================================
Ubuntu Security Notice USN-251-1	  February 16, 2006
libtasn1-2 vulnerability
CVE-2006-0645
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libtasn1-2
libgnutls10
libgnutls11

The problem can be corrected by upgrading the affected package to
the following versions:

Ubuntu 4.10:
 libtasn1-2:	0.2.7-2ubuntu0.1
 libgnutls10:	1.0.4-3ubuntu1.2

Ubuntu 5.04:
 libtasn1-2:	0.2.10-4ubuntu0.0.5.04.1
 libgnutls11:	1.0.16-13ubuntu0.2

Ubuntu 5.10:
 libtasn1-2:	0.2.10-4ubuntu0.1
 libgnutls11:	1.0.16-13.1ubuntu1.1

It is highly recommended to restart your computer after a standard
system upgrade to effect the necessary changes. If you cannot afford
to do that then you need to restart all server processes which use
TLS or SSL.

Details follow:

Evgeny Legerov discovered a buffer overflow in the DER format decoding
function of the libtasn library. This library is mainly used by the
GNU TLS library; by sending a specially crafted X.509 certificate to a
server which uses TLS encryption/authentication, a remote attacker
could exploit this to crash that server process and possibly even
execute arbitrary code with the privileges of that server.

In order to fix the vulnerability in libtasn, several internal
function signatures had to be changed; some of these functions are
used by the GNU TLS library, so that library needs to be updated as
well.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.0.5.04.1.diff.gz
      Size/MD5:   302811 f83da11298aef60134a9d9f60a531542
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.0.5.04.1.dsc
      Size/MD5:      690 804db57299c32ab396cd82096695cc21
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10.orig.tar.gz
      Size/MD5:   113412 ae95aa75e5db7dc4d85b2837017364a6
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/gnutls10_1.0.4-3ubuntu1.2.diff.gz
      Size/MD5:    51101 7469996012703c4b0d114c64d5dc68bd
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/gnutls10_1.0.4-3ubuntu1.2.dsc
      Size/MD5:      885 4211b5ae90cf498ed4aafda803dbeb26
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/gnutls10_1.0.4.orig.tar.gz
      Size/MD5:  1378290 565d2835b772008689476488265f4e99

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls-doc_1.0.4-3ubuntu1.2_all.deb
      Size/MD5:   553680 f0229ca2a099166ad6f565bb758614bc

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-4ubuntu0.0.5.04.1_amd64.deb
      Size/MD5:   185958 45bbee6946f97f40acfa658bb82568c0
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.0.5.04.1_amd64.deb
      Size/MD5:    44638 387a051b35fa2da3a6b34c1ad00ed5f5
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.0.4-3ubuntu1.2_amd64.deb
      Size/MD5:   193798 486d7cf57a79adee420558731135d5bb
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1.0.4-3ubuntu1.2_amd64.deb
      Size/MD5:   367360 a7873c8b6f0c51eaee5cafd62bfc82dc
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4-3ubuntu1.2_amd64.deb
      Size/MD5:   309536 7f7e50c02ace523bec531589950ae39b

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-4ubuntu0.0.5.04.1_i386.deb
      Size/MD5:   181920 a590e7f46e3880313b0febc6b65a4d26
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.0.5.04.1_i386.deb
      Size/MD5:    42696 82535e441f6b80c533cc3fc939a0d212
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.0.4-3ubuntu1.2_i386.deb
      Size/MD5:   185402 b91cd88c85e5f4351b5f64f26db699cd
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1.0.4-3ubuntu1.2_i386.deb
      Size/MD5:   328816 bdea2a19bc27f9ad534c5d3371729790
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4-3ubuntu1.2_i386.deb
      Size/MD5:   279656 e4f7a519775fc0a830295962042ca93c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-4ubuntu0.0.5.04.1_powerpc.deb
      Size/MD5:   188012 7bc64fc8a372430f5e1d29ac0ba92d4b
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.0.5.04.1_powerpc.deb
      Size/MD5:    43214 86e22d9cad05471106f17423eac69673
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls10/gnutls-bin_1.0.4-3ubuntu1.2_powerpc.deb
      Size/MD5:   196144 90339e5b1d5b9b9d1e4493b00545d589
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10-dev_1.0.4-3ubuntu1.2_powerpc.deb
      Size/MD5:   396324 7287cefdf890c683e4aefeb676b00be7
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls10/libgnutls10_1.0.4-3ubuntu1.2_powerpc.deb
      Size/MD5:   284968 f6e888674395191804960ebbbd736f76

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.7-2ubuntu0.1.diff.gz
      Size/MD5:     9397 65421e1371910a12a2d0181ad85cc920
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.7-2ubuntu0.1.dsc
      Size/MD5:      669 7a62f4a925dd9e8c905427eeaa2ff7c9
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.7.orig.tar.gz
      Size/MD5:   529617 21e39cb21260116bf4a84d31063972e4
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13ubuntu0.2.diff.gz
      Size/MD5:   339177 a461c7974e30d5d643dfe39624193c14
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13ubuntu0.2.dsc
      Size/MD5:      830 2aec252666f1c50c3c6d42be88832a34
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
      Size/MD5:  1504638 7b410fa3c563c7988e434a8c8671b3cd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.7-2ubuntu0.1_amd64.deb
      Size/MD5:   182002 d0cded4628833103e039a4778a23616b
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.7-2ubuntu0.1_amd64.deb
      Size/MD5:    43622 8e2fda9ac3950b8c559acf982474e8ef
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.2_amd64.deb
      Size/MD5:   217456 8e337aeb284177963c1616110e50e733
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.2_amd64.deb
      Size/MD5:   575502 45fbfd2a5dfed9a13e0bb711824a6588
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.2_amd64.deb
      Size/MD5:   392362 2898ee7b31d7f99dca61b8d27850c7db
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.2_amd64.deb
      Size/MD5:   326894 902e0a28fe1bf3c7d396e8038dcde8f8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.7-2ubuntu0.1_i386.deb
      Size/MD5:   178122 9693d7954bdba6dc59040fb4560cb38b
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.7-2ubuntu0.1_i386.deb
      Size/MD5:    41964 9b7bba1c7979021988feb67f70c3a766
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.2_i386.deb
      Size/MD5:   203442 34ba50244aa67e733f211f06d0d4d03a
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.2_i386.deb
      Size/MD5:   555604 8d5085dfa64e9a0bd1d2489a8a3825d9
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.2_i386.deb
      Size/MD5:   357134 42f0fe10f5943b40264faaafd785e349
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.2_i386.deb
      Size/MD5:   293370 7d4b401e88668c627b7c224c6ea96398

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.7-2ubuntu0.1_powerpc.deb
      Size/MD5:   184002 9e0c79244c7737042c270a43327dc7ca
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.7-2ubuntu0.1_powerpc.deb
      Size/MD5:    42284 ad68e8405ad32072f62d5d058d923358
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.2_powerpc.deb
      Size/MD5:   218384 0bd5da55b0b21b7b9e49f85363340de8
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.2_powerpc.deb
      Size/MD5:  1416000 525d1008f84aeb586250cecc133efb6a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.2_powerpc.deb
      Size/MD5:   388764 d8afff0331d2bce12a7fc5e62b966260
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.2_powerpc.deb
      Size/MD5:   299404 42e776d44dc90db1bc796c2c5564ac3b

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.1.diff.gz
      Size/MD5:   302886 1c86ff9ac73ba986e91aaf23231aa3f2
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.1.dsc
      Size/MD5:      676 770e9f82dff36318022a1fcc963855ff
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10.orig.tar.gz
      Size/MD5:   113412 ae95aa75e5db7dc4d85b2837017364a6
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13.1ubuntu1.1.diff.gz
      Size/MD5:   339696 38b52c650f0018100c5a085ffddc2ccf
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13.1ubuntu1.1.dsc
      Size/MD5:      829 d65ba5094be7fc67079e12da2da25dce
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
      Size/MD5:  1504638 7b410fa3c563c7988e434a8c8671b3cd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-4ubuntu0.1_amd64.deb
      Size/MD5:   187882 ab7100c04b67119522e6020536fad1d8
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.1_amd64.deb
      Size/MD5:    46348 a435cac32c356140771a6a5c4207eef4
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.1_amd64.deb
      Size/MD5:   217428 02c4205d6b5fda205092a3a998dd9647
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.1_amd64.deb
      Size/MD5:   500798 d3e5feafe1ea05f1fc84a6897bb93418
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.1_amd64.deb
      Size/MD5:   398672 0b2dbfb3d19c8927da51b6ce80cac82f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.1_amd64.deb
      Size/MD5:   332038 6e776f87dfdf505ccbd2d72c8406bc67

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-4ubuntu0.1_i386.deb
      Size/MD5:   182088 578ad92f2fa97c221698a836f8a51cb5
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.1_i386.deb
      Size/MD5:    42356 18105b162e1b4a3ae0b259f8ecec8be9
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.1_i386.deb
      Size/MD5:   201606 e7e0d57a788d2d37087373db6f9fd1f2
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.1_i386.deb
      Size/MD5:   443546 f4576a81cec8565257de1ec5e6e93467
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.1_i386.deb
      Size/MD5:   353296 82914947d86d8fc89e78308868dcf6fb
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.1_i386.deb
      Size/MD5:   286992 dc34ea8b46a24be8feaf8f63cae6a08a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2-dev_0.2.10-4ubuntu0.1_powerpc.deb
      Size/MD5:   188214 0a375d921a5639958a1c37d904658fea
    http://security.ubuntu.com/ubuntu/pool/main/libt/libtasn1-2/libtasn1-2_0.2.10-4ubuntu0.1_powerpc.deb
      Size/MD5:    43566 73654c735e38d3b19d206217fbac1ca9
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.1_powerpc.deb
      Size/MD5:   218704 a61cc659973675624da83dbb23141c7c
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.1_powerpc.deb
      Size/MD5:   498388 e4687d0a5b18c45173bc3dc702b40563
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.1_powerpc.deb
      Size/MD5:   395190 1a5b4de0cb8ab1a6853a9b554b91e1c8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.1_powerpc.deb
      Size/MD5:   304606 46f8fc5a3f641f36433b9f2d5759ff17

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ