Message-ID: <20100603230853.GA13274@severus.strandboge.com>
Date: Thu, 3 Jun 2010 18:08:54 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-948-1] GnuTLS vulnerability

===========================================================
Ubuntu Security Notice USN-948-1              June 03, 2010
gnutls12 vulnerability
CVE-2006-7239
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgnutls12                     1.2.9-2ubuntu1.8

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that GnuTLS did not always properly verify the hash
algorithm of X.509 certificates. If an application linked against GnuTLS
processed a crafted certificate, an attacker could make GnuTLS dereference
a NULL pointer and cause a DoS via application crash.


Updated packages for Ubuntu 6.06 LTS:




