Linux Security
    Linux Security
    Linux Security

    Debian: New gnutls11 packages fix RSA signature forgery cryptographic weakness

    Posted By
    Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1182-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.                         Moritz Muehlenhoff
    September 22nd, 2006          
    - --------------------------------------------------------------------------
    Package        : gnutls11
    Vulnerability  : cryptographic weakness
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CVE-2006-4790
    Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package
    that could allow an attacker to generate a forged signature that GNU TLS
    will accept as valid.
    For the stable distribution (sarge) this problem has been fixed in
    version 1.0.16-13.2sarge2.
    The unstable distribution (sid) does no longer contain gnutls11, for
    gnutls13 this problem has been fixed in version 1.4.4-1.
    We recommend that you upgrade your GNU TLS package.
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
      Source archives:
          Size/MD5 checksum:      820 72116e13ca8af0d4c0420a6a5fba01fb
          Size/MD5 checksum:   346146 46c4495ad9c32f53a362669432b548d0
          Size/MD5 checksum:  1504638 7b410fa3c563c7988e434a8c8671b3cd
      Alpha architecture:
          Size/MD5 checksum:   229836 759bb1fb11af8022228651e5ee996c2a
          Size/MD5 checksum:   335034 e25273a2f6a338e0a864759723f7927f
          Size/MD5 checksum:   589736 7318e2d5e9e5c1706e4e3baeadbe5e95
          Size/MD5 checksum:   512202 25396b24bd00c6c2d0c52f744072b972
      AMD64 architecture:
          Size/MD5 checksum:   217586 8c925e3b730e6b72d776e7b132c15a04
          Size/MD5 checksum:   327012 14301cbecc28ec34e998decbabf3ce58
          Size/MD5 checksum:   575502 bb6e0f0d2312a49ea9466a0261c667a0
          Size/MD5 checksum:   392470 01728ddd9d1a2493f95f7b88fd77063d
      ARM architecture:
          Size/MD5 checksum:   204892 4979873690a1bdd10b87de313f50e823
          Size/MD5 checksum:   294784 a1f084e60a11242ea2d0d8aa6b9e0a92
          Size/MD5 checksum:   585114 e7a6b7471fc1696936c7b1a2d842dd0a
          Size/MD5 checksum:   400060 b385b5cbca545e9c3956c0c43d0946e0
      HP Precision architecture:
          Size/MD5 checksum:   217594 5597e912c19fb5f3cea5350fc4867948
          Size/MD5 checksum:   329544 fb715f8fb54a6fb9e430edb1774ada8e
          Size/MD5 checksum:   584956 6c488c7997328cecda7afd7497d85ff5
          Size/MD5 checksum:   434780 7560c9da720dad66554a0459af06d0f8
      Intel IA-32 architecture:
          Size/MD5 checksum:   206826 3a6b6996db3db6bd92947fb552b61599
          Size/MD5 checksum:   301988 7af47286dd7a1fca42f80b1dfd87bb7d
          Size/MD5 checksum:   558658 c5e07873a863d46892921effa3423038
          Size/MD5 checksum:   370390 e649a2f476791e825c923003b152484c
      Intel IA-64 architecture:
          Size/MD5 checksum:   259060 252fafaf93df717cc09bfe1c33b2d382
          Size/MD5 checksum:   384930 9b16fbd9b504907db1d1c4f08669989e
          Size/MD5 checksum:   585920 64245f68bb5c1c795b4143462bbb25f5
          Size/MD5 checksum:   521916 d8eb2fec68f52dbd52c351402ab99b6f
      Motorola 680x0 architecture:
          Size/MD5 checksum:   198834 a12fd077c07b171dc6e99feb78375b08
          Size/MD5 checksum:   282984 577f5774ba0f2c274b8c62071f7202cf
          Size/MD5 checksum:   561098 a08a318581f5db996d9c382bd495c709
          Size/MD5 checksum:   341710 4bc318fbbfc2046fe4dd47d12ba88425
      Big endian MIPS architecture:
          Size/MD5 checksum:   211728 c3c1695268e1201ac2e9081b94c17366
          Size/MD5 checksum:   291666 f8fbf909070719d38243643d5dc7bf1d
          Size/MD5 checksum:   595774 f9ee1f7ceb3db2d93f9fcc758ccecab5
          Size/MD5 checksum:   408540 c1c1dcad15359180555a6256818c0686
      Little endian MIPS architecture:
          Size/MD5 checksum:   211476 f28cc4f345ae11897ae12ec1ac324719
          Size/MD5 checksum:   290328 fd27ef5dd5e20763912f5384b920360d
          Size/MD5 checksum:   591336 9c704e57721d0cf7a12bf844731a9fd7
          Size/MD5 checksum:   404628 b1201dea3f671b1e651f86e45803d7c7
      PowerPC architecture:
          Size/MD5 checksum:   218500 e6b92e1d34fa41b18c9aac4765e52191
          Size/MD5 checksum:   299502 9377a3aa261f852a8666934bb0825f04
          Size/MD5 checksum:  1415916 e27b0176c54741aff5b45d0466438ee1
          Size/MD5 checksum:   388910 1a2997848bc55fc28730370891797297
      IBM S/390 architecture:
          Size/MD5 checksum:   215448 9b20f31f10b2b91524453c7a768402a0
          Size/MD5 checksum:   318674 6ace59100c9131a1cea01c7d635d633a
          Size/MD5 checksum:   632292 60c0acb0ba3046ed4462627ed74db531
          Size/MD5 checksum:   376622 c11864c64293723e02f07bbeb59c36a7
      Sun Sparc architecture:
          Size/MD5 checksum:   204564 a826236438bfe0fbbffe6841fc0380be
          Size/MD5 checksum:   295780 b68bb873076fad0a20082e8f1601a43d
          Size/MD5 checksum:   577540 4bdfb6604d142bf8665846ef235724a0
          Size/MD5 checksum:   399936 10103cd5f9f40c434b9c6412cad4edb2
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

    LinuxSecurity Poll

    How are you contributing to Open Source?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    [{"id":"127","title":"I'm involved with the development of an open-source project(s).","votes":"1","type":"x","order":"1","pct":100,"resources":[]},{"id":"128","title":"I've reported vulnerabilities I've discovered in open-source code.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"129","title":"I've provided developers with feedback on their projects.","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"130","title":"I've helped another community member get started contributing to Open Source.","votes":"0","type":"x","order":"4","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.