Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: GnuTLS vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.
Ubuntu Security Notice USN-348-1         September 18, 2006
gnutls11, gnutls12 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libgnutls11                              1.0.16-13ubuntu0.3

Ubuntu 5.10:
  libgnutls11                              1.0.16-13.1ubuntu1.2

Ubuntu 6.06 LTS:
  libgnutls11                              1.0.16-14ubuntu1.1
  libgnutls12                              1.2.9-2ubuntu1.1

After a standard system upgrade you need to reboot your computer to
effect the necessary changes.

Details follow:

The GnuTLS library did not sufficiently check the padding of PKCS #1
v1.5 signatures if the exponent of the public key is 3 (which is
widely used for CAs). This could be exploited to forge signatures
without the need of the secret key.

Updated packages for Ubuntu 5.04:

  Source archives:
      Size/MD5:   339767 c5bff2326fcb68ed0336e25449012068
      Size/MD5:      830 c0793d93e9c5b93567099347fa446c72
      Size/MD5:  1504638 7b410fa3c563c7988e434a8c8671b3cd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   217660 bba5c5e0d5f59354f6b3336367be937f
      Size/MD5:   575482 a62525c690862f1b4927cc7f55173d3b
      Size/MD5:   392664 c78b8dbf6725d02e19da5707d3335124
      Size/MD5:   327142 bb345c39bf9e7879432b566bf5e1a235

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   203632 a467a4155ed992414884c86fc8120e5f
      Size/MD5:   555946 1ffdced169899150a35b540c373b1a0c
      Size/MD5:   357486 1bbbbc936c849e2ec1b2f6432506a86a
      Size/MD5:   293636 02023e0e58310001f3ed4d4b31dacb27

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   218566 3dfdc586e1df5663ab8edbb3735ec48c
      Size/MD5:  1416126 f51c3ede362394ec62ca07e345d2c4b7
      Size/MD5:   389076 9904c61c7aae79e2d1700b33c92a371a
      Size/MD5:   299668 fac8cd974bcca326209e4c78eff25eac

Updated packages for Ubuntu 5.10:

  Source archives:
      Size/MD5:   340309 49a5050c08af0f81729b45f5f3c8d22d
      Size/MD5:      829 cbd5adc73119254f416328c52203502b
      Size/MD5:  1504638 7b410fa3c563c7988e434a8c8671b3cd

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   217668 1ed174a692537d419a0cfe8d126aee7e
      Size/MD5:   501184 076e79bc654983d5980bd5ad1556db6a
      Size/MD5:   398968 d60fddde214fe3a9ba132f5aa31421f6
      Size/MD5:   332338 bfdb04fcbc4cc1b35466309e6d1ebe68

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   201838 7e5322c9a0549be64847db789e478f69
      Size/MD5:   443744 4e484450ea0c30d50b77878158021c56
      Size/MD5:   353510 34cedb7560cf2bc326dc608a73fef028
      Size/MD5:   287262 2a22bf7ef42370d27799e9992b183c17

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   218960 6ce6df1a4a741c8c12b57ca41ef71d1f
      Size/MD5:   498738 abffd68ab815093d0fa33a0ddf09d62b
      Size/MD5:   395476 715c6b951b76d873024a80816545df6f
      Size/MD5:   304944 66adb0761c8004b85c841fc78eaecd9c

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   205296 10c9919c827341235884044b98c9b9ed
      Size/MD5:   438502 747e41cb86f57b80094a3b9624faaa79
      Size/MD5:   395448 a73794337f96dd436969f1ce1e1b2ed2
      Size/MD5:   293108 59e5c1dbc23d906229efdc5fd8b43acb

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:   340592 3d897a1f6c852961a51e1ed2abd57700
      Size/MD5:      782 ed4ea38a746c3a5c01df97efc1f56684
      Size/MD5:  1504638 7b410fa3c563c7988e434a8c8671b3cd
      Size/MD5:   547210 43343fb58d09ef0157163d61e4b856ac
      Size/MD5:      846 de642e0252450068d262032caa108ab3
      Size/MD5:  3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)
      Size/MD5:   288060 ab7b29cc7797add5c945fee37ea08e13
      Size/MD5:   490866 8f8f9b54a0a351df5cfeabceb90337bd
      Size/MD5:   492192 14d5105bfb4f1346dc24cdb02282a989
      Size/MD5:   398922 167aca29f3fb079e0ae59b171d3f80f6
      Size/MD5:   332602 5c80ebe2410af742c3f1e5ebf3f061c4
      Size/MD5:   642186 2d6e15d7f57c64dc6a08de1a837f882f
      Size/MD5:   419956 77892c1022bdb4e422bb84654bf81275

  i386 architecture (x86 compatible Intel/AMD)
      Size/MD5:   271890 52a8d52f5db1ee7d81573fe3ef8909d0
      Size/MD5:   444560 e62ca7e54d740dae765cff30e2877fea
      Size/MD5:   434914 66cd4ae0e53bac620537befa71b71471
      Size/MD5:   353266 b7882d6444d9946074df3ccda4609548
      Size/MD5:   287556 60a01efc8102af04b9418dfdd053d60d
      Size/MD5:   578054 1b0af9f8bbfdca6ab65781d1a761d1f8
      Size/MD5:   372796 931456f16edb71bc2f3724597b7d25a5

  powerpc architecture (Apple Macintosh G3/G4/G5)
      Size/MD5:   288282 da78d3aa3f6dc6f55819a7a7b87a8ef9
      Size/MD5:   483764 4b9bc5d06ecef2ccfd1bf78cb3a38be3
      Size/MD5:   488222 8809195502f4beb96deb7fa5c5db1971
      Size/MD5:   395568 c1a26fe60afbdafdb944ff41dab4b8c1
      Size/MD5:   304804 c33b1d0470d894ea91d9cabbe921d35e
      Size/MD5:   635046 71b63e9a190676debea5a40423da233a
      Size/MD5:   390354 e132049e6323d5d71824379f6bfe57bf

  sparc architecture (Sun SPARC/UltraSPARC)
      Size/MD5:   273020 8ccad45ebceb81375ac915a14edc73e5
      Size/MD5:   480026 9f53727b59d626a0a2cc15ab9bb37331
      Size/MD5:   427638 f38fb7a6a633baf4b7100ec839372eab
      Size/MD5:   393658 10ceb83747c49a19b98c51c1d72fdc06
      Size/MD5:   292130 3a032b8476527064933fea01882e912d
      Size/MD5:   570060 22615e4739a2f71f9977b2c683283e28
      Size/MD5:   375898 016adf7e48efcbaa949392a352324d2b

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.