-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1935-1                    security@debian.org
http://www.debian.org/security/                          Giuseppe Iuculano
November 17th, 2009                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Packages       : gnutls13 gnutls26
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
Debian bug     : 541439
CVE Ids        : CVE-2009-2409 CVE-2009-2730
Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. (CVE-2009-2730)
In addition, with this update, certificates with MD2 hash signatures are no longer accepted, since they are no longer considered cryptographically secure. This change only affects the oldstable distribution (etch). (CVE-2009-2409)
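The '\0' handling problem described above for CVE-2009-2730 comes down to comparing a length-delimited certificate name as if it were a C string. The following is an added illustration, not GnuTLS code: the struct, function names and sample names are hypothetical and constructed for this example, and wildcard matching is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A CN/SAN value as decoded from the certificate: bytes plus explicit
 * length. Nothing guarantees the bytes are free of '\0'. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: C-string comparison stops at the first '\0', so the
 * rest of the name that the CA actually signed is silently ignored. */
int match_cstring(const struct cert_name *n, const char *host)
{
    return strcasecmp((const char *)n->data, host) == 0;
}

/* Hardened pattern: a name with an embedded '\0' never matches, and the
 * whole decoded length must equal the expected hostname length. */
int match_length_aware(const struct cert_name *n, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;               /* malformed name: reject outright */
    if (n->len != hlen)
        return 0;
    return strncasecmp((const char *)n->data, host, hlen) == 0;
}

/* Constructed sample names, not taken from any real certificate.
 * Both arrays end in the literal's own terminating '\0'. */
static const unsigned char crafted_cn[] = "www.example.com\0.untrusted.example";
static const unsigned char normal_cn[]  = "www.example.com";

int main(void)
{
    struct cert_name crafted = { crafted_cn, sizeof crafted_cn - 1 };
    struct cert_name normal  = { normal_cn,  sizeof normal_cn - 1 };
    const char *host = "www.example.com";

    printf("crafted, C-string check:     %d\n", match_cstring(&crafted, host));
    printf("crafted, length-aware check: %d\n", match_length_aware(&crafted, host));
    printf("normal,  length-aware check: %d\n", match_length_aware(&normal, host));
    return 0;
}
```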
For the oldstable distribution (etch), these problems have been fixed in version 1.4.4-3+etch5 for gnutls13.
For the stable distribution (lenny), these problems have been fixed in version 2.4.2-6+lenny2 for gnutls26.
For the testing distribution (squeeze), and the unstable distribution (sid), these problems have been fixed in version 2.8.3-1 for gnutls26.
We recommend that you upgrade your gnutls13/gnutls26 packages.
Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksCqTwACgkQHYflSXNkfP9qmACdEy7+wOGrR6IOoY6Xq/aANRo2
61QAn3kZr4APE34L1qsgGc5/bFijAykh
=Qi+6
-----END PGP SIGNATURE-----