=========================================================== Ubuntu Security Notice USN-613-1 May 21, 2008 gnutls12, gnutls13 vulnerabilities CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.2 Ubuntu 7.04: libgnutls13 1.4.4-3ubuntu0.1 Ubuntu 7.10: libgnutls13 1.6.3-1ubuntu0.1 Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application's user. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.2.diff.gz Size/MD5: 557563 d4a7ed44e30292434380ed775ee7cee2 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.2.dsc Size/MD5: 818 d46f4919e3988219afc3c80035113f28 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.orig.tar.gz Size/MD5: 3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.2_amd64.deb Size/MD5: 491268 3f1429fa95d972c51f48503d5595f268 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.2_amd64.deb Size/MD5: 420252 3092516052888efd60451e865f729426 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.2_amd64.deb Size/MD5: 288160 76016ded0ab79a6aa017aebe328e39be http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.2_amd64.deb Size/MD5: 642376 013235b59022b6a231976f29f60c90f6 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.2_i386.deb Size/MD5: 445066 1c333142fc9c0c1cc603f05fb8e10e04 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.2_i386.deb Size/MD5: 372978 1c4022f8f8b61029fc28722861a7c88f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.2_i386.deb Size/MD5: 271984 ce0d0c0374b5b989d5757798a779623e http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.2_i386.deb Size/MD5: 578016 d9986a566aea73078d41ff9dbd3a6154 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.2_powerpc.deb Size/MD5: 484130 98bb92742c5ebac7b22bb01bff8a1bda http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.2_powerpc.deb Size/MD5: 390752 41c3c6175c55b99f62e7a28a1d28aa74 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.2_powerpc.deb Size/MD5: 288398 f62de58a80a67a5dff81abc77e896777 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.2_powerpc.deb Size/MD5: 635166 125724549d9a528281ee78d0b4029d4c sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.2_sparc.deb Size/MD5: 480438 b5802b82ddb4070da70870cde4c0056f http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.2_sparc.deb Size/MD5: 376204 7f8da2b38f6874e1c2845703a70b932a http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.2_sparc.deb Size/MD5: 273124 90963120c7d1b8ae3596d4fab4110da1 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.2_sparc.deb Size/MD5: 570222 83f37a221499cdc6b44eebc891d6d023 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_1.4.4-3ubuntu0.1.diff.gz Size/MD5: 19295 7ede58c7bbcd6215beb11547965ecc15 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_1.4.4-3ubuntu0.1.dsc Size/MD5: 1049 f27e68df974f39781754f63d306b0639 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz Size/MD5: 4752009 c06ada020e2b69caa51833175d59f8b2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls-doc_1.4.4-3ubuntu0.1_all.deb Size/MD5: 2307388 ca811f6556d307e6cf93b14786d51f75 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.4.4-3ubuntu0.1_amd64.deb Size/MD5: 393370 c1e6fb2c19a59df693d8292723767cd2 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.4.4-3ubuntu0.1_amd64.deb Size/MD5: 544788 5c4040ce92955476d9a4839fa7723691 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.4.4-3ubuntu0.1_amd64.deb Size/MD5: 324090 9582e129d9e7d8b8883e1fc58c676df0 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.4.4-3ubuntu0.1_amd64.deb Size/MD5: 185440 3e4f85cb58ff46e6047859c9e40eae3b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.4.4-3ubuntu0.1_i386.deb Size/MD5: 358054 3df1d27b5056aabe2d3e2633b7d9a422 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.4.4-3ubuntu0.1_i386.deb Size/MD5: 527888 05b3b005330fcc3db7ad0347c2c8cff8 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.4.4-3ubuntu0.1_i386.deb Size/MD5: 289762 b523eca841531907ea5d5efed425263e http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.4.4-3ubuntu0.1_i386.deb Size/MD5: 172700 1ca9e38c4410ee606c75b16be88a8326 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.4.4-3ubuntu0.1_powerpc.deb Size/MD5: 394926 fc26cab41ec334bfc1ebebaa387fa594 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.4.4-3ubuntu0.1_powerpc.deb Size/MD5: 541752 78addd1a470b8e9321357a62fb7a052a http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.4.4-3ubuntu0.1_powerpc.deb Size/MD5: 309276 d6e6a8e3d05c3fdab87fc9f58ad88d4f http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.4.4-3ubuntu0.1_powerpc.deb Size/MD5: 200272 ab06358a1f996cd32d9a4220659af73b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.4.4-3ubuntu0.1_sparc.deb Size/MD5: 383170 5e0dbd0ae23158190f77da174462e555 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.4.4-3ubuntu0.1_sparc.deb Size/MD5: 495058 3f068d4fef0a3f700744195ac42265c6 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.4.4-3ubuntu0.1_sparc.deb Size/MD5: 279794 dae2786e8ea02904b7b3edfc696b45dc http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.4.4-3ubuntu0.1_sparc.deb Size/MD5: 175844 78e930a0041adc3f88da1e3cb475de79 Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_1.6.3-1ubuntu0.1.diff.gz Size/MD5: 19000 3f8d96094c8661848bab6126ca5c95e3 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_1.6.3-1ubuntu0.1.dsc Size/MD5: 1067 4576864997e6d4a18816d3836c7f22b1 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_1.6.3.orig.tar.gz Size/MD5: 5071704 3c71020126ac827319183268c97336fe Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls-doc_1.6.3-1ubuntu0.1_all.deb Size/MD5: 2405598 1afd1b3300d9c94cd2809d6a7f8eb3ae amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.6.3-1ubuntu0.1_amd64.deb Size/MD5: 437310 eac97e36c5f87d9d47068224126ce142 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.6.3-1ubuntu0.1_amd64.deb Size/MD5: 791796 a95cb94ffb27ccbc82f8f831a2696319 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.6.3-1ubuntu0.1_amd64.deb Size/MD5: 346308 97982fae446f511a52c8435c40a02722 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_1.6.3-1ubuntu0.1_amd64.deb Size/MD5: 104558 7c27e8051d52090073a92c5d14b437c5 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.6.3-1ubuntu0.1_amd64.deb Size/MD5: 212032 9bc11aa6c5c254fb42fb3084582a87e4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.6.3-1ubuntu0.1_i386.deb Size/MD5: 399832 f563e359ee1f44e7a642f47b6b6bcb76 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.6.3-1ubuntu0.1_i386.deb Size/MD5: 764122 14983188783b81b0fb4d89f37c1777cd http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.6.3-1ubuntu0.1_i386.deb Size/MD5: 314338 d4241906f687259f4331bf0b204089aa http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_1.6.3-1ubuntu0.1_i386.deb Size/MD5: 105266 1394d69817ee438dcb67c576b7b16513 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.6.3-1ubuntu0.1_i386.deb Size/MD5: 198408 250926d17291a45ad7d317f9fd23e546 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_1.6.3-1ubuntu0.1_lpia.deb Size/MD5: 392398 1d822d99b4630d6fab5ace9637e9ac36 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_1.6.3-1ubuntu0.1_lpia.deb Size/MD5: 777340 768e33d726889b6537b1070fcde37e55 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_1.6.3-1ubuntu0.1_lpia.deb Size/MD5: 308630 e16925d7042539c06a5c2a38ebb830a6 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_1.6.3-1ubuntu0.1_lpia.deb Size/MD5: 104704 f6b04712b96b59cd9a599dca9d17ba54 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_1.6.3-1ubuntu0.1_lpia.deb Size/MD5: 199098 007bc39b60ca73fba703c5338d9f272f powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.6.3-1ubuntu0.1_powerpc.deb Size/MD5: 438872 8bb78c2713235382714e0920faa63b12 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.6.3-1ubuntu0.1_powerpc.deb Size/MD5: 791520 a638665d0b2fb57604485296edc3d6e6 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.6.3-1ubuntu0.1_powerpc.deb Size/MD5: 336164 5300c4c742285fcc735750b25240fce5 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_1.6.3-1ubuntu0.1_powerpc.deb Size/MD5: 104884 c1cdd29d2da2c41c21bb9b4572d6ca2a http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.6.3-1ubuntu0.1_powerpc.deb Size/MD5: 230704 a78a003c50f7706f686391bfeb19beb4 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_1.6.3-1ubuntu0.1_sparc.deb Size/MD5: 424566 82e7830039d630e2aa7bcf860941f49e http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_1.6.3-1ubuntu0.1_sparc.deb Size/MD5: 715502 e43a1d75532c74e49c70e9546052118e http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_1.6.3-1ubuntu0.1_sparc.deb Size/MD5: 304352 c49470588be5ae95b24bab1a637d38f9 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_1.6.3-1ubuntu0.1_sparc.deb Size/MD5: 103276 961ce89ff41717ad809d7f6b0b5925d3 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_1.6.3-1ubuntu0.1_sparc.deb Size/MD5: 202072 f91e80c948cdbd5f92fbd865ce0189dd Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_2.0.4-1ubuntu2.1.diff.gz Size/MD5: 24271 52bcb7cd9df708d88e72bcb1b66e9930 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_2.0.4-1ubuntu2.1.dsc Size/MD5: 1074 0ffbdd72dcf0aefc00c3cdbc013534ce http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_2.0.4.orig.tar.gz Size/MD5: 5906571 bd783a052b892620534ecfbc4a9bfede Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls-doc_2.0.4-1ubuntu2.1_all.deb Size/MD5: 2506366 157efc628e6a17dc4ff814eb2d7f1718 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.1_amd64.deb Size/MD5: 384388 8b98efe0646c7b11db3f4e6b4a1b6562 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.1_amd64.deb Size/MD5: 743526 31826ecc14af6c6ad6d42d31e710420e http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.1_amd64.deb Size/MD5: 343430 0667362f9f364001299939eb58797e89 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.1_amd64.deb Size/MD5: 30768 47a27b0e7dc33c2768d8a9f7ca74f7d8 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.1_amd64.deb Size/MD5: 140234 ff537941a89f1c9d799a10deb9430011 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.1_i386.deb Size/MD5: 344760 12b47348304ff5368017a412c10c19db http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.1_i386.deb Size/MD5: 709748 c5dcfcf5e3302d26dd9ca121cde6d4e7 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.1_i386.deb Size/MD5: 306494 5b0997b658ac5a2da3a1e487d37cc8e4 http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.1_i386.deb Size/MD5: 31376 8c39034713c7e0f8e0de5a873dfa63d2 http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.1_i386.deb Size/MD5: 126506 0b627efa3c5353c5df22069915a337f1 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.1_lpia.deb Size/MD5: 335788 298679594694c02b9716c8d14e28ba7d http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.1_lpia.deb Size/MD5: 724042 57a32c1e5570025337defe3efd11482c http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.1_lpia.deb Size/MD5: 300674 5a79308f0bc4ba0830301bf77be279d0 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.1_lpia.deb Size/MD5: 30798 a8c2caa502b38a7facb79bacd984cd74 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.1_lpia.deb Size/MD5: 127138 65c6cadd4ebef92e1cdc2fe4c851fedf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.1_powerpc.deb Size/MD5: 383354 a86484729ce85d142f787e3b9667b658 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.1_powerpc.deb Size/MD5: 735644 53a01314db40c90619c7c64bf777c0d8 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.1_powerpc.deb Size/MD5: 324618 5cf33680e8fb34ee15f050825b796e3e http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.1_powerpc.deb Size/MD5: 30980 88e0cc1619f94d198e40ce5a596c60c3 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.1_powerpc.deb Size/MD5: 159484 0205b31b42607fc30ae89a76f03ee1aa sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.1_sparc.deb Size/MD5: 370242 9af51ec5b21acab76d3e51ffd1033ba4 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.1_sparc.deb Size/MD5: 659758 2bf757bc460527d35cae6c56e4d196e5 http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.1_sparc.deb Size/MD5: 294234 09858134b071cb04190db2e5f88beabe http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.1_sparc.deb Size/MD5: 29460 3e5dbc73fbb4b7b30ef5bab36d61e627 http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.1_sparc.deb Size/MD5: 129508 6e7e52108fc9b02428d79b784f9b5f23