Linux Security
    Linux Security
    Linux Security

    Debian: DSA-1946-1: New belpic packages fix cryptographic weakness

    Date
    119
    Posted By
    It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1946-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.debian.org/security/                      Steffen Joeris
    December 04, 2009                     https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : belpic
    Vulnerability  : cryptographic weakness
    Problem type   : remote
    Debian-specific: no
    CVE Id         : CVE-2009-0049
    Debian Bug     : 511261
    
    It was discovered that belpic, the belgian eID PKCS11 library, does not
    properly check the result of an OpenSSL function for verifying
    cryptographic signatures, which could be used to bypass the certificate
    validation.
    
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 2.5.9-7.etch.1.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 2.6.0-6, which was already included in the lenny release.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), this problem has been fixed in version 2.6.0-6.
    
    
    We recommend that you upgrade your belpic packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      https://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.diff.gz
        Size/MD5 checksum:    20340 d0d4ce8373f2f49800971113432ab35e
      https://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.dsc
        Size/MD5 checksum:      778 6a552980e5274b74128f2b43d5eecd84
      https://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9.orig.tar.gz
        Size/MD5 checksum:  1790274 517a8617e5919b3218acf2d5d859ea8e
    
    alpha architecture (DEC Alpha)
    
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_alpha.deb
        Size/MD5 checksum:    87916 fce36aa5a4e516bece52ca1322328288
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_alpha.deb
        Size/MD5 checksum:   156018 4e75d5671006c371f4a5aeeb216d2749
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_alpha.deb
        Size/MD5 checksum:   314606 2caa3f109ee32caabb5ef63702ff9536
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_alpha.deb
        Size/MD5 checksum:   338216 75704f922f932f7453fd475af22bac15
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_alpha.deb
        Size/MD5 checksum:   153234 64e2984faecdb78f26566faa7b40c837
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_alpha.deb
        Size/MD5 checksum:  1013996 3a64d43f1fe914d0800b8cacb6a602ed
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_amd64.deb
        Size/MD5 checksum:   151240 ff1be550e65c3c234ea0ae3e8fa3f39e
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_amd64.deb
        Size/MD5 checksum:   150332 3dcdfb89cacf62cca1ffc3da471ff7c4
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_amd64.deb
        Size/MD5 checksum:    87572 8a357ceb7f8a783d9fe127e0c0bfe943
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_amd64.deb
        Size/MD5 checksum:   330802 0ea774426304964b8bf07ee176fb4c91
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_amd64.deb
        Size/MD5 checksum:   305592 0d28550e3a3b2929c53057533726cb13
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_amd64.deb
        Size/MD5 checksum:  1013976 51c8584f0dcb8fd6b67727e13935f073
    
    hppa architecture (HP PA RISC)
    
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_hppa.deb
        Size/MD5 checksum:  1012984 3f52c668f80dac56d6eba30b092bfa09
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_hppa.deb
        Size/MD5 checksum:   346390 8cce55c26535945b3c9ba13b6404142e
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_hppa.deb
        Size/MD5 checksum:   160238 2d6e75fb4994110b2f5b1227f2269a77
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_hppa.deb
        Size/MD5 checksum:    87678 b126cca6dfc088fc0b8cc6775f0f2e7c
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_hppa.deb
        Size/MD5 checksum:   318312 7d244309c1b1e8a82f467ed0f4b01a8f
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_hppa.deb
        Size/MD5 checksum:   156784 062a94360e7af00b1d17a8883f2df33c
    
    i386 architecture (Intel ia32)
    
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_i386.deb
        Size/MD5 checksum:   148666 780cf47c2c9a3262b2a3d6e749759d21
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_i386.deb
        Size/MD5 checksum:   311998 d2ec1c416b6b94edff51b6a652ef03e5
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_i386.deb
        Size/MD5 checksum:   144724 5b731d7498e0c87cca36221c8c1152d9
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_i386.deb
        Size/MD5 checksum:   299860 0d60e423f940317db6028ff814e0f787
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_i386.deb
        Size/MD5 checksum:  1014116 99fe999f58a645c88d1e859497215b50
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_i386.deb
        Size/MD5 checksum:    87780 cf21f6df10e9b1b88ed35d858109b3ae
    
    ia64 architecture (Intel ia64)
    
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_ia64.deb
        Size/MD5 checksum:    87626 d8d7df1a9d92a645d4c442579038998b
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_ia64.deb
        Size/MD5 checksum:  1014022 f4b5ce0eceb87f3ca7fa6a21e7c476f6
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_ia64.deb
        Size/MD5 checksum:   169770 956d4fe1a91405f30c85e3b4089fd2cb
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_ia64.deb
        Size/MD5 checksum:   382222 5489754c01c0a12ad7ec421ad678e769
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_ia64.deb
        Size/MD5 checksum:   329702 3ac3fcbaa77b88d4981a25afab035ca4
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_ia64.deb
        Size/MD5 checksum:   163648 35bc558bfb41eb1b15c2487624422ed4
    
    mips architecture (MIPS (Big Endian))
    
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_mips.deb
        Size/MD5 checksum:   153822 6925531d088aa05d1eef9cd5b9ece264
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_mips.deb
        Size/MD5 checksum:   289498 4da6c0fbcddf102a7ec328060f8c7437
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_mips.deb
        Size/MD5 checksum:    87622 5f615f96eba9272c8a6be068bb610f52
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_mips.deb
        Size/MD5 checksum:   146534 8dd5ed4c08c3d8c105aaa3342cd4cf2b
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_mips.deb
        Size/MD5 checksum:   305640 b356a3a69a8b8be76ff7bd220d436d7e
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_mips.deb
        Size/MD5 checksum:  1014040 cb0ab32eeabe5a1a61cb85503f08724a
    
    mipsel architecture (MIPS (Little Endian))
    
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_mipsel.deb
        Size/MD5 checksum:   145358 fe04e7ea83258e37c889227d82c34598
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_mipsel.deb
        Size/MD5 checksum:   153556 7d5273ed7dff7ca723d84a24d79b474b
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_mipsel.deb
        Size/MD5 checksum:    87628 93f8e1c0860045f8115334a8ce6848a4
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_mipsel.deb
        Size/MD5 checksum:   303616 6851fb4c0ef60c5ae093dceeb073343d
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_mipsel.deb
        Size/MD5 checksum:   288008 71477b21c578685d2c5d8bc4e637c110
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_mipsel.deb
        Size/MD5 checksum:  1014036 122780976ad58d4d677271eb2719f4ba
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_sparc.deb
        Size/MD5 checksum:   305840 f141f398a8307a139bb06a1404654e4b
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_sparc.deb
        Size/MD5 checksum:   144866 b1585ec86c614963b303e50e6ff173e8
      https://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_sparc.deb
        Size/MD5 checksum:   142334 62d8aa616675850b39eb2f4a6b6e6dd2
      https://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_sparc.deb
        Size/MD5 checksum:    87800 82e1751c7a5b6d5b79c85f224d2ceb22
      https://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_sparc.deb
        Size/MD5 checksum:   298366 8da65df356289e0c0e6ccfbda359d76a
      https://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_sparc.deb
        Size/MD5 checksum:  1013848 cc15434108f03beb6c2ebf4fc3920981
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and https://packages.debian.org/
    

    Advisories

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/37-how-are-you-contributing-to-open-source?task=poll.vote&format=json
    37
    radio
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"2","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.