Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0690 -- [Debian]
New gnutls11 packages fix RSA signature forgery cryptographic weakness
25 September 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gnutls11
Publisher: Debian
Operating System: Debian GNU/Linux 3.1
Impact: Reduced Security
Access: Remote/Unauthenticated
CVE Names: CVE-2006-4790
Ref: ESB-2006.0667
Original Bulletin: http://www.debian.org/security/2006/dsa-1182
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1182-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 22nd, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : gnutls11
Vulnerability : cryptographic weakness
Problem-Type : local
Debian-specific: no
CVE ID : CVE-2006-4790
Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package
that could allow an attacker to generate a forged signature that GNU TLS
will accept as valid.
For the stable distribution (sarge) this problem has been fixed in
version 1.0.16-13.2sarge2.
The unstable distribution (sid) does no longer contain gnutls11, for
gnutls13 this problem has been fixed in version 1.4.4-1.
We recommend that you upgrade your GNU TLS package.
Upgrade Instructions
- - --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- - --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2sarge2.dsc
Size/MD5 checksum: 820 72116e13ca8af0d4c0420a6a5fba01fb
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16-13.2sarge2.diff.gz
Size/MD5 checksum: 346146 46c4495ad9c32f53a362669432b548d0
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
Size/MD5 checksum: 1504638 7b410fa3c563c7988e434a8c8671b3cd
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_alpha.deb
Size/MD5 checksum: 229836 759bb1fb11af8022228651e5ee996c2a
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_alpha.deb
Size/MD5 checksum: 335034 e25273a2f6a338e0a864759723f7927f
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_alpha.deb
Size/MD5 checksum: 589736 7318e2d5e9e5c1706e4e3baeadbe5e95
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_alpha.deb
Size/MD5 checksum: 512202 25396b24bd00c6c2d0c52f744072b972
AMD64 architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_amd64.deb
Size/MD5 checksum: 217586 8c925e3b730e6b72d776e7b132c15a04
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_amd64.deb
Size/MD5 checksum: 327012 14301cbecc28ec34e998decbabf3ce58
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_amd64.deb
Size/MD5 checksum: 575502 bb6e0f0d2312a49ea9466a0261c667a0
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_amd64.deb
Size/MD5 checksum: 392470 01728ddd9d1a2493f95f7b88fd77063d
ARM architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_arm.deb
Size/MD5 checksum: 204892 4979873690a1bdd10b87de313f50e823
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_arm.deb
Size/MD5 checksum: 294784 a1f084e60a11242ea2d0d8aa6b9e0a92
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_arm.deb
Size/MD5 checksum: 585114 e7a6b7471fc1696936c7b1a2d842dd0a
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_arm.deb
Size/MD5 checksum: 400060 b385b5cbca545e9c3956c0c43d0946e0
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_hppa.deb
Size/MD5 checksum: 217594 5597e912c19fb5f3cea5350fc4867948
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_hppa.deb
Size/MD5 checksum: 329544 fb715f8fb54a6fb9e430edb1774ada8e
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_hppa.deb
Size/MD5 checksum: 584956 6c488c7997328cecda7afd7497d85ff5
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_hppa.deb
Size/MD5 checksum: 434780 7560c9da720dad66554a0459af06d0f8
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_i386.deb
Size/MD5 checksum: 206826 3a6b6996db3db6bd92947fb552b61599
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_i386.deb
Size/MD5 checksum: 301988 7af47286dd7a1fca42f80b1dfd87bb7d
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_i386.deb
Size/MD5 checksum: 558658 c5e07873a863d46892921effa3423038
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_i386.deb
Size/MD5 checksum: 370390 e649a2f476791e825c923003b152484c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_ia64.deb
Size/MD5 checksum: 259060 252fafaf93df717cc09bfe1c33b2d382
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_ia64.deb
Size/MD5 checksum: 384930 9b16fbd9b504907db1d1c4f08669989e
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_ia64.deb
Size/MD5 checksum: 585920 64245f68bb5c1c795b4143462bbb25f5
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_ia64.deb
Size/MD5 checksum: 521916 d8eb2fec68f52dbd52c351402ab99b6f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_m68k.deb
Size/MD5 checksum: 198834 a12fd077c07b171dc6e99feb78375b08
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_m68k.deb
Size/MD5 checksum: 282984 577f5774ba0f2c274b8c62071f7202cf
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_m68k.deb
Size/MD5 checksum: 561098 a08a318581f5db996d9c382bd495c709
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_m68k.deb
Size/MD5 checksum: 341710 4bc318fbbfc2046fe4dd47d12ba88425
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_mips.deb
Size/MD5 checksum: 211728 c3c1695268e1201ac2e9081b94c17366
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_mips.deb
Size/MD5 checksum: 291666 f8fbf909070719d38243643d5dc7bf1d
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_mips.deb
Size/MD5 checksum: 595774 f9ee1f7ceb3db2d93f9fcc758ccecab5
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_mips.deb
Size/MD5 checksum: 408540 c1c1dcad15359180555a6256818c0686
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_mipsel.deb
Size/MD5 checksum: 211476 f28cc4f345ae11897ae12ec1ac324719
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_mipsel.deb
Size/MD5 checksum: 290328 fd27ef5dd5e20763912f5384b920360d
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_mipsel.deb
Size/MD5 checksum: 591336 9c704e57721d0cf7a12bf844731a9fd7
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_mipsel.deb
Size/MD5 checksum: 404628 b1201dea3f671b1e651f86e45803d7c7
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_powerpc.deb
Size/MD5 checksum: 218500 e6b92e1d34fa41b18c9aac4765e52191
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_powerpc.deb
Size/MD5 checksum: 299502 9377a3aa261f852a8666934bb0825f04
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_powerpc.deb
Size/MD5 checksum: 1415916 e27b0176c54741aff5b45d0466438ee1
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_powerpc.deb
Size/MD5 checksum: 388910 1a2997848bc55fc28730370891797297
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_s390.deb
Size/MD5 checksum: 215448 9b20f31f10b2b91524453c7a768402a0
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_s390.deb
Size/MD5 checksum: 318674 6ace59100c9131a1cea01c7d635d633a
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_s390.deb
Size/MD5 checksum: 632292 60c0acb0ba3046ed4462627ed74db531
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_s390.deb
Size/MD5 checksum: 376622 c11864c64293723e02f07bbeb59c36a7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gnutls11/gnutls-bin_1.0.16-13.2sarge2_sparc.deb
Size/MD5 checksum: 204564 a826236438bfe0fbbffe6841fc0380be
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11_1.0.16-13.2sarge2_sparc.deb
Size/MD5 checksum: 295780 b68bb873076fad0a20082e8f1601a43d
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dbg_1.0.16-13.2sarge2_sparc.deb
Size/MD5 checksum: 577540 4bdfb6604d142bf8665846ef235724a0
http://security.debian.org/pool/updates/main/g/gnutls11/libgnutls11-dev_1.0.16-13.2sarge2_sparc.deb
Size/MD5 checksum: 399936 10103cd5f9f40c434b9c6412cad4edb2
These files will probably be moved into the stable distribution on
its next update.
- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFFAIWXm3vHE4uyloRAnUcAKDXnFCOZo39YJOhYQHSjLhaAGuY2ACgzYMI
KJZ8SJQPJx8x40hZrQTviF4=
=v3pZ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRRcyoyh9+71yA2DNAQKf5AP7B37cf1dWrWCHXkkOwGfjg3lJJrmz6rdl
VyPVku2qE/E7r5M+Hhi8deIklcnN1qz7DFn3kWFKAo0sQNhsNKzYIg5E3gK/ZcZP
lYF4y4UcVhOmgdTaLENhR1Ei2O8R8TX0zqH1kbPofmx4ilACq8C3xFOg70qtld7I
4i8ELDaypVk=
=FV+d
-----END PGP SIGNATURE-----