lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061016235317.GK19004@outflux.net>
Date: Mon, 16 Oct 2006 16:53:17 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-365-1] libksba vulnerability

=========================================================== 
Ubuntu Security Notice USN-365-1           October 16, 2006
libksba vulnerability
CVE-2006-5111
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libksba8                                 0.9.9-2ubuntu0.5.04

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

A parsing failure was discovered in the handling of X.509 certificates 
that contained extra trailing data.  Malformed or malicious certificates
could cause services using libksba to crash, potentially creating a 
denial of service.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9-2ubuntu0.5.04.diff.gz
      Size/MD5:   256789 7814506294c66d47a7acc67325acf5ba
    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9-2ubuntu0.5.04.dsc
      Size/MD5:      675 b3398604d25bcbcb7dda502b0b36428d
    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9.orig.tar.gz
      Size/MD5:   398846 458c6880f6cb191b65a6436877e413b8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.9.9-2ubuntu0.5.04_amd64.deb
      Size/MD5:   132624 475f536666cc3b96aee0ccc6c9b3847d
    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9-2ubuntu0.5.04_amd64.deb
      Size/MD5:    92024 7eda61b96dedbdf5b73437819e3cbfc3

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.9.9-2ubuntu0.5.04_i386.deb
      Size/MD5:   118938 af9a322a0a826922f505c4949b1c67ad
    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9-2ubuntu0.5.04_i386.deb
      Size/MD5:    83352 49589a5bd441daf84384ed46809c296b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.9.9-2ubuntu0.5.04_powerpc.deb
      Size/MD5:   133464 665fb8a0e1672bfbef24a23abde1eb18
    http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9-2ubuntu0.5.04_powerpc.deb
      Size/MD5:    87838 2869d3fec34920fb112502a49fd995d6


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ