--xQR6quUbZ63TTuTU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=20 Ubuntu Security Notice USN-348-1 September 18, 2006 gnutls11, gnutls12 vulnerability CVE-2006-4790 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libgnutls11 1.0.16-13ubuntu0.3 Ubuntu 5.10: libgnutls11 1.0.16-13.1ubuntu1.2 Ubuntu 6.06 LTS: libgnutls11 1.0.16-14ubuntu1.1 libgnutls12 1.2.9-2ubuntu1.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-= 13ubuntu0.3.diff.gz Size/MD5: 339767 c5bff2326fcb68ed0336e25449012068 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-= 13ubuntu0.3.dsc Size/MD5: 830 c0793d93e9c5b93567099347fa446c72 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.= orig.tar.gz Size/MD5: 1504638 7b410fa3c563c7988e434a8c8671b3cd amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13ubuntu0.3_amd64.deb Size/MD5: 217660 bba5c5e0d5f59354f6b3336367be937f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13ubuntu0.3_amd64.deb Size/MD5: 575482 a62525c690862f1b4927cc7f55173d3b http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13ubuntu0.3_amd64.deb Size/MD5: 392664 c78b8dbf6725d02e19da5707d3335124 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13ubuntu0.3_amd64.deb Size/MD5: 327142 bb345c39bf9e7879432b566bf5e1a235 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13ubuntu0.3_i386.deb Size/MD5: 203632 a467a4155ed992414884c86fc8120e5f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13ubuntu0.3_i386.deb Size/MD5: 555946 1ffdced169899150a35b540c373b1a0c http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13ubuntu0.3_i386.deb Size/MD5: 357486 1bbbbc936c849e2ec1b2f6432506a86a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13ubuntu0.3_i386.deb Size/MD5: 293636 02023e0e58310001f3ed4d4b31dacb27 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13ubuntu0.3_powerpc.deb Size/MD5: 218566 3dfdc586e1df5663ab8edbb3735ec48c http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13ubuntu0.3_powerpc.deb Size/MD5: 1416126 f51c3ede362394ec62ca07e345d2c4b7 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13ubuntu0.3_powerpc.deb Size/MD5: 389076 9904c61c7aae79e2d1700b33c92a371a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13ubuntu0.3_powerpc.deb Size/MD5: 299668 fac8cd974bcca326209e4c78eff25eac Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-= 13.1ubuntu1.2.diff.gz Size/MD5: 340309 49a5050c08af0f81729b45f5f3c8d22d http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-= 13.1ubuntu1.2.dsc Size/MD5: 829 cbd5adc73119254f416328c52203502b http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.= orig.tar.gz Size/MD5: 1504638 7b410fa3c563c7988e434a8c8671b3cd amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13.1ubuntu1.2_amd64.deb Size/MD5: 217668 1ed174a692537d419a0cfe8d126aee7e http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13.1ubuntu1.2_amd64.deb Size/MD5: 501184 076e79bc654983d5980bd5ad1556db6a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13.1ubuntu1.2_amd64.deb Size/MD5: 398968 d60fddde214fe3a9ba132f5aa31421f6 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13.1ubuntu1.2_amd64.deb Size/MD5: 332338 bfdb04fcbc4cc1b35466309e6d1ebe68 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13.1ubuntu1.2_i386.deb Size/MD5: 201838 7e5322c9a0549be64847db789e478f69 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13.1ubuntu1.2_i386.deb Size/MD5: 443744 4e484450ea0c30d50b77878158021c56 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13.1ubuntu1.2_i386.deb Size/MD5: 353510 34cedb7560cf2bc326dc608a73fef028 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13.1ubuntu1.2_i386.deb Size/MD5: 287262 2a22bf7ef42370d27799e9992b183c17 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13.1ubuntu1.2_powerpc.deb Size/MD5: 218960 6ce6df1a4a741c8c12b57ca41ef71d1f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13.1ubuntu1.2_powerpc.deb Size/MD5: 498738 abffd68ab815093d0fa33a0ddf09d62b http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13.1ubuntu1.2_powerpc.deb Size/MD5: 395476 715c6b951b76d873024a80816545df6f http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13.1ubuntu1.2_powerpc.deb Size/MD5: 304944 66adb0761c8004b85c841fc78eaecd9c sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1= =2E0.16-13.1ubuntu1.2_sparc.deb Size/MD5: 205296 10c9919c827341235884044b98c9b9ed http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-13.1ubuntu1.2_sparc.deb Size/MD5: 438502 747e41cb86f57b80094a3b9624faaa79 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_= 1.0.16-13.1ubuntu1.2_sparc.deb Size/MD5: 395448 a73794337f96dd436969f1ce1e1b2ed2 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.= 16-13.1ubuntu1.2_sparc.deb Size/MD5: 293108 59e5c1dbc23d906229efdc5fd8b43acb Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0= =2E16-14ubuntu1.1.diff.gz Size/MD5: 340592 3d897a1f6c852961a51e1ed2abd57700 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0= =2E16-14ubuntu1.1.dsc Size/MD5: 782 ed4ea38a746c3a5c01df97efc1f56684 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0= =2E16.orig.tar.gz Size/MD5: 1504638 7b410fa3c563c7988e434a8c8671b3cd http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2= ubuntu1.1.diff.gz Size/MD5: 547210 43343fb58d09ef0157163d61e4b856ac http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2= ubuntu1.1.dsc Size/MD5: 846 de642e0252450068d262032caa108ab3 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.o= rig.tar.gz Size/MD5: 3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1= =2E2.9-2ubuntu1.1_amd64.deb Size/MD5: 288060 ab7b29cc7797add5c945fee37ea08e13 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.= 2.9-2ubuntu1.1_amd64.deb Size/MD5: 490866 8f8f9b54a0a351df5cfeabceb90337bd http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-14ubuntu1.1_amd64.deb Size/MD5: 492192 14d5105bfb4f1346dc24cdb02282a989 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dev_1.0.16-14ubuntu1.1_amd64.deb Size/MD5: 398922 167aca29f3fb079e0ae59b171d3f80f6 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_= 1.0.16-14ubuntu1.1_amd64.deb Size/MD5: 332602 5c80ebe2410af742c3f1e5ebf3f061c4 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-= dbg_1.2.9-2ubuntu1.1_amd64.deb Size/MD5: 642186 2d6e15d7f57c64dc6a08de1a837f882f http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.= 9-2ubuntu1.1_amd64.deb Size/MD5: 419956 77892c1022bdb4e422bb84654bf81275 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1= =2E2.9-2ubuntu1.1_i386.deb Size/MD5: 271890 52a8d52f5db1ee7d81573fe3ef8909d0 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.= 2.9-2ubuntu1.1_i386.deb Size/MD5: 444560 e62ca7e54d740dae765cff30e2877fea http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-14ubuntu1.1_i386.deb Size/MD5: 434914 66cd4ae0e53bac620537befa71b71471 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dev_1.0.16-14ubuntu1.1_i386.deb Size/MD5: 353266 b7882d6444d9946074df3ccda4609548 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_= 1.0.16-14ubuntu1.1_i386.deb Size/MD5: 287556 60a01efc8102af04b9418dfdd053d60d http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-= dbg_1.2.9-2ubuntu1.1_i386.deb Size/MD5: 578054 1b0af9f8bbfdca6ab65781d1a761d1f8 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.= 9-2ubuntu1.1_i386.deb Size/MD5: 372796 931456f16edb71bc2f3724597b7d25a5 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1= =2E2.9-2ubuntu1.1_powerpc.deb Size/MD5: 288282 da78d3aa3f6dc6f55819a7a7b87a8ef9 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.= 2.9-2ubuntu1.1_powerpc.deb Size/MD5: 483764 4b9bc5d06ecef2ccfd1bf78cb3a38be3 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-14ubuntu1.1_powerpc.deb Size/MD5: 488222 8809195502f4beb96deb7fa5c5db1971 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dev_1.0.16-14ubuntu1.1_powerpc.deb Size/MD5: 395568 c1a26fe60afbdafdb944ff41dab4b8c1 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_= 1.0.16-14ubuntu1.1_powerpc.deb Size/MD5: 304804 c33b1d0470d894ea91d9cabbe921d35e http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-= dbg_1.2.9-2ubuntu1.1_powerpc.deb Size/MD5: 635046 71b63e9a190676debea5a40423da233a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.= 9-2ubuntu1.1_powerpc.deb Size/MD5: 390354 e132049e6323d5d71824379f6bfe57bf sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1= =2E2.9-2ubuntu1.1_sparc.deb Size/MD5: 273020 8ccad45ebceb81375ac915a14edc73e5 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.= 2.9-2ubuntu1.1_sparc.deb Size/MD5: 480026 9f53727b59d626a0a2cc15ab9bb37331 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dbg_1.0.16-14ubuntu1.1_sparc.deb Size/MD5: 427638 f38fb7a6a633baf4b7100ec839372eab http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-= dev_1.0.16-14ubuntu1.1_sparc.deb Size/MD5: 393658 10ceb83747c49a19b98c51c1d72fdc06 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_= 1.0.16-14ubuntu1.1_sparc.deb Size/MD5: 292130 3a032b8476527064933fea01882e912d http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-= dbg_1.2.9-2ubuntu1.1_sparc.deb Size/MD5: 570060 22615e4739a2f71f9977b2c683283e28 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.= 9-2ubuntu1.1_sparc.deb Size/MD5: 375898 016adf7e48efcbaa949392a352324d2b --xQR6quUbZ63TTuTU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFFDsHaDecnbV4Fd/IRAqkeAKD9j7nmLRy6BCXMba5nwkBd9OzYtQCfVKTX yy9Ce+0TmREIR7/NSRCAZmM= =7H3a -----END PGP SIGNATURE----- --xQR6quUbZ63TTuTU--