=========================================================== Ubuntu Security Notice USN-484-1 July 17, 2007 curl vulnerability CVE-2007-3564 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libcurl3-gnutls 7.15.1-1ubuntu2.1 Ubuntu 6.10: libcurl3-gnutls 7.15.4-1ubuntu2.2 Ubuntu 7.04: libcurl3-gnutls 7.15.5-1ubuntu2.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: It was discovered that the GnuTLS certificate verification methods implemented in Curl did not check for expiration and activation dates. When performing validations, tools using libcurl3-gnutls would incorrectly allow connections to sites using expired certificates. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1-1ubuntu2.1.diff.gz Size/MD5: 183225 3495d3c1b7b0f9812ff978832c31d8f9 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1-1ubuntu2.1.dsc Size/MD5: 938 53a58f1db4d0112f1260c78d275c0aab http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1.orig.tar.gz Size/MD5: 1769992 63be206109486d4653c73823aa2b34fa Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dev_7.15.1-1ubuntu2.1_all.deb Size/MD5: 30978 acb278121d48167cb0f3e9db406008b5 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1-1ubuntu2.1_amd64.deb Size/MD5: 169270 8fd332bf91134007ceaf24da11708ccf http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.1-1ubuntu2.1_amd64.deb Size/MD5: 540160 5673d9d6fcf82116353c6852a8416f90 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.1-1ubuntu2.1_amd64.deb Size/MD5: 716182 ec0bda4317f51ad725862516675eed6e http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.1-1ubuntu2.1_amd64.deb Size/MD5: 167432 5876792ccc569ddcbc436113dd611beb http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.1-1ubuntu2.1_amd64.deb Size/MD5: 723088 21274f88ab48e9821fc33985abbb07f7 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.1-1ubuntu2.1_amd64.deb Size/MD5: 172480 e43c732e1e6d540f7b43218c5b86e9c9 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1-1ubuntu2.1_i386.deb Size/MD5: 168134 69ac42a25f62527aa840944cc901bc10 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.1-1ubuntu2.1_i386.deb Size/MD5: 506336 76d27984aaa318f56d9067a0d19fa5c1 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.1-1ubuntu2.1_i386.deb Size/MD5: 699734 5e49df506a1adcff171f01fb8d434c9f http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.1-1ubuntu2.1_i386.deb Size/MD5: 160052 3b0c0cb10c664372254f40549a166d02 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.1-1ubuntu2.1_i386.deb Size/MD5: 704014 8fcd4f08a3e43688955a83bafc3ff3f7 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.1-1ubuntu2.1_i386.deb Size/MD5: 164924 616bf253b7a11307a2286011a506ce35 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1-1ubuntu2.1_powerpc.deb Size/MD5: 171800 67ec27bc7cbed2aa5008f6a352911d3c http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.1-1ubuntu2.1_powerpc.deb Size/MD5: 541294 23e8698d68d7f6552b4e14be50621a06 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.1-1ubuntu2.1_powerpc.deb Size/MD5: 722380 e3e939692fc21f1c84b7d8bb47cbfefd http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.1-1ubuntu2.1_powerpc.deb Size/MD5: 169640 b9e35693d65476da2c171c38a1705781 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.1-1ubuntu2.1_powerpc.deb Size/MD5: 728238 ccba1d1a54f1e655b404c3ab554d355f http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.1-1ubuntu2.1_powerpc.deb Size/MD5: 174284 30c380963c37ccff4635b46e431f0c40 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.1-1ubuntu2.1_sparc.deb Size/MD5: 168952 11e523b5ea0a6a8ed122022938f2d1e3 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.1-1ubuntu2.1_sparc.deb Size/MD5: 509942 656036d90a8029426d9dd5fa80f517c6 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.1-1ubuntu2.1_sparc.deb Size/MD5: 709192 de1d0d8efeccde3a6b52bf2bd3e514cf http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.1-1ubuntu2.1_sparc.deb Size/MD5: 162602 5e14a206a09a7ddc3595289c1a35c1b8 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.1-1ubuntu2.1_sparc.deb Size/MD5: 713824 ceeb282e90f8c6b80d89bc3e9327c783 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.1-1ubuntu2.1_sparc.deb Size/MD5: 166782 da0a4c662e98a1f6259da2938b9f8eef Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4-1ubuntu2.2.diff.gz Size/MD5: 19451 625518d2bbd325db46f7ad4b8debb602 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4-1ubuntu2.2.dsc Size/MD5: 942 cb3054669cfaa0c51fd757c7a44a3fc7 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4.orig.tar.gz Size/MD5: 1870439 345f407f85bcb36075bc298afe1de953 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dev_7.15.4-1ubuntu2.2_all.deb Size/MD5: 21136 2b95b5bbaa86a48b91c8d87a705524f2 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4-1ubuntu2.2_amd64.deb Size/MD5: 162426 11806b9335aafa82394377a74f3d65ea http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.4-1ubuntu2.2_amd64.deb Size/MD5: 823074 c11ddf6ce511e4809288377ca4aa86a7 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.4-1ubuntu2.2_amd64.deb Size/MD5: 754916 04724c0ed915bcbde748bfacf10a67f8 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.4-1ubuntu2.2_amd64.deb Size/MD5: 163132 3785598197c9679a1d91fe8837a060d3 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.4-1ubuntu2.2_amd64.deb Size/MD5: 762206 966aa201d7b17f6a87203f653eb4129d http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.4-1ubuntu2.2_amd64.deb Size/MD5: 168776 4a6f82f361c1d22dce1f0f9b0de40470 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4-1ubuntu2.2_i386.deb Size/MD5: 162164 c07e1caeed913625260853ffdfbb8292 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.4-1ubuntu2.2_i386.deb Size/MD5: 793760 45fafcd13f0811bd18d60ab88d36cd84 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.4-1ubuntu2.2_i386.deb Size/MD5: 740392 0586b53f280bd090412b2eedd2d05c93 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.4-1ubuntu2.2_i386.deb Size/MD5: 160358 7cf3f3ec250428f231e4f7e51bb995b2 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.4-1ubuntu2.2_i386.deb Size/MD5: 746886 2660f92e5102ba65063641684c4f9974 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.4-1ubuntu2.2_i386.deb Size/MD5: 165236 ff76d9c64e8dd24a459b36db41676d45 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4-1ubuntu2.2_powerpc.deb Size/MD5: 165102 57061fd7b192ceea122997ee2bf27213 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.4-1ubuntu2.2_powerpc.deb Size/MD5: 834210 efd1b06827be6eab2561865a3408ff0c http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.4-1ubuntu2.2_powerpc.deb Size/MD5: 762694 d352501e7b5c265e0ce6c85c2719f1a5 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.4-1ubuntu2.2_powerpc.deb Size/MD5: 167004 c7cd2b73b3f64c882a0715de14ed2450 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.4-1ubuntu2.2_powerpc.deb Size/MD5: 768164 093a76af0add856e798c6daa08264bbe http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.4-1ubuntu2.2_powerpc.deb Size/MD5: 171810 7776d430c0a5dbedd07e9a1ce551600f sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.4-1ubuntu2.2_sparc.deb Size/MD5: 162060 918b2cadf93b5db7325316ccd335e937 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.4-1ubuntu2.2_sparc.deb Size/MD5: 782900 bf43ee4867468402d58554cfc2dce35f http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.4-1ubuntu2.2_sparc.deb Size/MD5: 746044 c9e6206f8bd3856c27a43953f98ae08b http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.4-1ubuntu2.2_sparc.deb Size/MD5: 158508 d0bda91940feb11e3d5193b3ab5c11ee http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.4-1ubuntu2.2_sparc.deb Size/MD5: 752404 723a03cc344739a4a76ac93aa54c7413 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.4-1ubuntu2.2_sparc.deb Size/MD5: 163744 f3bb65fc94b8421eae7c0980f76b7cec Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5-1ubuntu2.1.diff.gz Size/MD5: 19959 74448240e99df445a95c3dfc9a5fedfa http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5-1ubuntu2.1.dsc Size/MD5: 1017 e5ac62cfcd246daa79c8ea31fe1873d0 http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5.orig.tar.gz Size/MD5: 1897973 61997c0d852d38c3a85b445f4fc02892 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dev_7.15.5-1ubuntu2.1_all.deb Size/MD5: 23086 66ff60f3a9606bfcbd9161555ba98ffd amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5-1ubuntu2.1_amd64.deb Size/MD5: 164778 a60ca725ef39a67311e1cf625182dd70 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.5-1ubuntu2.1_amd64.deb Size/MD5: 833362 3b2afe676373e1590e739d51e1a2effa http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.5-1ubuntu2.1_amd64.deb Size/MD5: 769302 46e4ce27971b0085e4e9b8621ac78325 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.5-1ubuntu2.1_amd64.deb Size/MD5: 166572 47c34f6db4f6ac2e279f431dfa43f919 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.5-1ubuntu2.1_amd64.deb Size/MD5: 774430 724da4b31b2af0e494587ea67e627c05 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.5-1ubuntu2.1_amd64.deb Size/MD5: 171922 3740c0419c27f58699ad0cbf1f62bc9d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5-1ubuntu2.1_i386.deb Size/MD5: 163624 9b363c065850cdc5de4c0c2c8d577c8e http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.5-1ubuntu2.1_i386.deb Size/MD5: 803414 61aebe04fe304b8071dc3e3c6d599f54 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.5-1ubuntu2.1_i386.deb Size/MD5: 754982 46d39efe3b3cf381fa9768b206907561 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.5-1ubuntu2.1_i386.deb Size/MD5: 163688 9aa531b89e7a91c7dd423f61b6d1e9ea http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.5-1ubuntu2.1_i386.deb Size/MD5: 761626 7ca1a3498af64e00a0b14d475c318cf6 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.5-1ubuntu2.1_i386.deb Size/MD5: 168614 c8847b248ea0a07c2880a39e8c273b24 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5-1ubuntu2.1_powerpc.deb Size/MD5: 168188 fba30c479bb726600efbbe247dacdfcc http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.5-1ubuntu2.1_powerpc.deb Size/MD5: 846224 0e24e1e334bb9a9c2307a5dc06a4ea73 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.5-1ubuntu2.1_powerpc.deb Size/MD5: 774878 f608fffc2d89b530081ea487edc4f023 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.5-1ubuntu2.1_powerpc.deb Size/MD5: 173086 c88e11092d9204a6a80e23100a9e02d3 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.5-1ubuntu2.1_powerpc.deb Size/MD5: 783072 90e2eadef1e4e2073dd5db9b4a1b0bfb http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.5-1ubuntu2.1_powerpc.deb Size/MD5: 178630 089d0eda4d96a7049a019e381d098ab3 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/c/curl/curl_7.15.5-1ubuntu2.1_sparc.deb Size/MD5: 164324 12f65aeaeb95a0b15e68b2f98694cf94 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-dbg_7.15.5-1ubuntu2.1_sparc.deb Size/MD5: 795758 a20f9a4bbc35483e8e54f278759f1015 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls-dev_7.15.5-1ubuntu2.1_sparc.deb Size/MD5: 760786 33ae03fb796e3048bb092b54fbad9814 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-gnutls_7.15.5-1ubuntu2.1_sparc.deb Size/MD5: 161990 ca9d9ddf030b10d33cf71bd9bacde2cf http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3-openssl-dev_7.15.5-1ubuntu2.1_sparc.deb Size/MD5: 767010 f20906df0712ffe167ac6dffb14137f5 http://security.ubuntu.com/ubuntu/pool/main/c/curl/libcurl3_7.15.5-1ubuntu2.1_sparc.deb Size/MD5: 167104 fcef10350591f8799ccc2ff9f77b9035