-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2009.1540
 New gnutls23/gnutls26 packages fix SSL certificate verification weakness
                             18 November 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gnutls13
                   gnutls26
Publisher:         Debian
Operating System:  Debian GNU/Linux 4
                   Debian GNU/Linux 5
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
                   Reduced Security               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2009-2730 CVE-2009-2409 

Reference:         ASB-2009.1048
                   ESB-2009.1293

Original Bulletin: 
   http://www.debian.org/security/2009/dsa-1935

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA-1935-1                    security@debian.org
http://www.debian.org/security/                          Giuseppe Iuculano
November 17th, 2009                     http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Packages       : gnutls13 gnutls26
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
Debian bug     : 541439
CVE Ids        : CVE-2009-2409 CVE-2009-2730


Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of
the TLS/SSL protocol, does not properly handle a '\0' character in a domain name
in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)

In addition, with this update, certificates with MD2 hash signatures are no
longer accepted since they're no longer considered cryptograhically secure. It
only affects the oldstable distribution (etch).(CVE-2009-2409)

For the oldstable distribution (etch), these problems have been fixed in version
1.4.4-3+etch5 for gnutls13.

For the stable distribution (lenny), these problems have been fixed in version
2.4.2-6+lenny2 for gnutls26.

For the testing distribution (squeeze), and the  unstable distribution (sid),
these problems have been fixed in version 2.8.3-1 for gnutls26.

We recommend that you upgrade your gnutls13/gnutls26 packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Debian (oldstable)
- - ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
    Size/MD5 checksum:  4752009 c06ada020e2b69caa51833175d59f8b2
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.dsc
    Size/MD5 checksum:      968 0d1e0d44616d6f6a53b6c1f567849f56
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.diff.gz
    Size/MD5 checksum:    22775 f6ddd230b956dec89fccf43ea9f64c20

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch5_all.deb
    Size/MD5 checksum:  2320326 d29321b23395f3bd314b9eee58f351e3

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   524412 3cec75cb5cc88eb5232c4f29690daf9c
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   196642 9c9f57aad568b9a401d6c1d01d2d7b8d
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   328464 e5323045e55edea08408bfb9b47d31bc
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   547790 454e9579fc03822ba624f1b95a2233db

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   389592 c223bf87fc20485989fac3d45781479e
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   539538 aa4f2394318c69cfb830b0b9ff60910f
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   183748 179c1000c3fb9eb03ccc4e4d13be31b7
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   314988 147a2771b4a5ec7f0d96b261568876a9

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   511366 a4d8c9026f1796c25cb2b7c52ef2a3ed
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   170044 b6bde115c495dce839a52c7429f0dbf2
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   355394 dd804a20100e1ea6e952822f10f7439b
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   283498 d1812b33b152335943b56b27766b06b1

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   184760 2c91694636ada0deaf3d6bf5282b2e39
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   435846 9aca168f530875a37e2f642e4eedf8d7
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   522290 0c7d5b25764b7417614b060bfd75ba0b
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   313032 8ce1083248396d54bfa7e5e48d8d539f

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   361204 cebc5c072963706a77e1de7a4e3007ff
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   526762 fc875479e7073f653d1861466b161c4f
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   283234 e631928f6b98dfb87101c95a3ef05d5b
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   173680 3452c95f32e6385391700792ad29f178

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   528676 fc9737d4f76e4f100d49369640c14410
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   229464 bbc0fa1b84059efe0bb237bee57a813a
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   395210 d2939943712f32f8a2ece29c5b8997e6
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   550718 e47c23d4c04d653b1b17f21eff5fe995

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   279672 3eca03ed4ee8700a0fb7c4a290c02035
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   183084 8d8218914a3b18501f727b7d2423e7bd
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   418826 a38125c2aa8353e0db7628f58c48501d
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   554026 999ec1b017db3b9b01f992482e34e834

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   182966 f74f61b271ef2dacc697da994de63c6e
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   542526 8d5d1b10a2b699baec693032bd7c8220
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   278144 fefb167c9b703c941a74b31cc1e57386
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   417548 295cac79e17bb91af79994dd42beff12

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   539140 f5c6093941de4bad63a9358937d9e9bf
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   289256 a6ba2fe745aefb77298904838dbe89c3
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   389278 6b95f79d0ab35bfead0aba6d264fadf6
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   184878 93e1dfdab5f4aefc0441efbc8b3629e3

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   311948 f12b41557a868704cc4b0c3d523d7152
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   380612 22613e21463f904382ee8396d7bcb560
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   537998 7433adff9256f314176abde8a8f5189f
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   184766 b1c26cac411fdf46bc70110c5d63bda1

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   380326 edb042b81a29e7ebb1f6e76012344721
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   491774 0006fe36e413ac3d043261d3ea255f54
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   169592 a64346f82d82c65663eb5a7c841575e0
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   271534 0a2ae15d598949739a8cac53cfd1a686


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.diff.gz
    Size/MD5 checksum:    22541 cf40d750533c71674457d06009bb0782
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.dsc
    Size/MD5 checksum:     1613 11f849268b5a2eaa380f9ead0adfb115
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz
    Size/MD5 checksum:  5984345 8fea7c57f4badcafcd31eb0f981f169a

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-doc_2.4.2-6+lenny2_all.deb
    Size/MD5 checksum:  2761832 515f3fe721d0ff35dd94d213f6a63c1d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   218632 e9bfc365dd3e67e7d2fa3f1e2abe69d9
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   748238 20538636930652560875eb2cbad30db5
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   515934 f6deaa1519b88b14a7d49cfb52239a6d
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:  1143310 c72c8cc75bb5872c3ee76d9741015ebf
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   298230 1c4f2fcffc99ccfb4df1c66b82d7a28d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   285466 2771d1bd8e7bd6e3aabed272fe978ee8
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   587384 2ad87b2c3d54aceaf3e4f7c54f8fed98
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:  1137154 dee3ab7e6a5f614841dcb54ab18c2d87
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   216556 3ef162abcab4745ed09e7d23c5e65967
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   506906 6a4ef62028952937923c6708bab643e4

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   206572 ebda0a0cebf25d34c08536c3333e8107
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   446094 8618d03f2815c756e249752d43c21e94
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:  1071036 95ca4f0094561941ec4eb5ae64b9aa92
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   269802 c755c7a41a44cbf43c0de503d72a346c
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   528212 609e43315302a8f69c94b611565309bb

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   530970 47450c2aa5500ac11c20ea97da9a39a5
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:  1076498 013949caf00bb4c09c6a938cc9e1663f
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   266782 11690d1391b24583f46e5d4c5e52c496
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   453366 650e7db38325c50b6b6400d41fab6e3e
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   206556 8ef962910e5e42d012333145a7bc5605

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   623332 a71ae72f1b083de29e38be2377e5f801
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:  1092220 0ee7714f23bc078deb4b06e1902143a2
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   288222 5265c4a75dc4ccf047d6618977c347b5
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   216368 0a70676d3d6438687f8e0ad7bc60e46e
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   490244 948e9671cbdf50eed5a0c8381855c312

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   464294 e7c49812fe0f7e30ef2b161586afcb9e
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:  1091520 5d34ba25dbce51d201bd5a59e1a7be1d
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   269416 f6131b2bb1ed2cfda08e12a5d2ff7924
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   538716 afe8584d673272b885a933aeb474b57a
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   211260 d66a4b3d2c9b16ae10e22e187f6f49d4

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   783302 c84f0b7f414238a52a308c5c25408745
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   341950 8376cd61be6ed247cac0ed841956b3bf
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   933244 4720f477f77f2ed23a7d3d8664e29dfb
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   608048 612e75ae6b520813f37c3061a6d93115

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   612326 0a3fd65aab1aebece219144928875655
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   204168 481c3f5b56f66a5d3329121aab270e35
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:  1156518 6207ed31c70b935dcbc9947b7f932413
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   450508 d84e9b08891328982adbfb715d5661d8
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   277200 86d9f508062854355749ce61f08454f3

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   447986 941adce495faf0246f500cad682eecf9
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   276896 e202c2e264c68e517f5adf6e8c1754da
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:  1135302 63c1c0f1d0fd295ca2ff404cc1d26d4d
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   203662 3ab214e0b28c9e58cf8a0055610bf941
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   608742 89860b25c70999416ecf1d55e8349633

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   216318 d5f5f6f3a1e9890442cbaa95add449c7
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:  1130814 126787b5691cd8301b26d785a4612509
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   566688 b9098ac0484dbc9788d6305a4cb042b4
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   289924 58f71ff0b729d1d4656db37a39e09468
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   496000 6bc48e6d342fd1226ba2e3b649ce80bd

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   438672 262013091fcac289b5fcc6420e25b287
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:  1023036 2157723b3f9cf676a80cbcedc892cad1
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   556984 079e6f596226d14e673bad1cefd487fc
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   209502 c01e31234b9a6dcd4ade38354a1cc4ef
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   276656 f0a16e2061a5bf67e58db0ff2b1a570a


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksCqTwACgkQHYflSXNkfP9qmACdEy7+wOGrR6IOoY6Xq/aANRo2
61QAn3kZr4APE34L1qsgGc5/bFijAykh
=Qi+6
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLAztiNVH5XJJInbgRAr0WAJ49TKWktpmHa4XS4WyqTwgofzo+RwCgiREq
iRcQxsWPzvLJ+jugAEnvYqM=
=VXoL
-----END PGP SIGNATURE-----