Security: Insufficient certificate verification in curl
Name: Insufficient certificate verification in curl
ID: USN-2058-1
Distribution: Ubuntu
Platforms: Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04, Ubuntu 13.10
Date: Wed, 18 December 2013, 16:37
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6422
Applications: curl
Original message
==========================================================================
Ubuntu Security Notice USN-2058-1
December 18, 2013

curl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Marc Deslauriers discovered that libcurl incorrectly verified CN and SAN name fields when digital signature verification was disabled in the GnuTLS backend. When libcurl is being used in this uncommon way by specific applications, an attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libcurl3-gnutls 7.32.0-1ubuntu1.2
Ubuntu 13.04: libcurl3-gnutls 7.29.0-1ubuntu3.4
Ubuntu 12.10: libcurl3-gnutls 7.27.0-1ubuntu1.7
Ubuntu 12.04 LTS: libcurl3-gnutls 7.22.0-3ubuntu4.6
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2058-1
CVE-2013-6422
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.32.0-1ubuntu1.2
https://launchpad.net/ubuntu/+source/curl/7.29.0-1ubuntu3.4
https://launchpad.net/ubuntu/+source/curl/7.27.0-1ubuntu1.7
https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.6
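Added example, not part of the Ubuntu notice: a shell check that compares an installed libcurl3-gnutls version against the fixed versions listed under "Update instructions". The function names are made up for this example, and the `sort -V` fallback only approximates Debian version ordering on hosts without `dpkg`.

```shell
#!/bin/sh
# Fixed libcurl3-gnutls versions per Ubuntu release, taken from USN-2058-1.
fixed_version() {
    case "$1" in
        13.10) echo "7.32.0-1ubuntu1.2" ;;
        13.04) echo "7.29.0-1ubuntu3.4" ;;
        12.10) echo "7.27.0-1ubuntu1.7" ;;
        12.04) echo "7.22.0-3ubuntu4.6" ;;
        *) return 1 ;;   # release not listed in the notice
    esac
}

# version_ge A B: succeeds when package version A >= B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumption: GNU sort -V is close enough to Debian ordering
        # for the version strings in this notice.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# check_usn_2058 RELEASE INSTALLED_VERSION
# Prints a verdict; returns 0 = patched, 1 = vulnerable, 2 = not covered.
check_usn_2058() {
    fixed=$(fixed_version "$1") || { echo "not-covered"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "patched"
        return 0
    fi
    echo "vulnerable (need >= $fixed)"
    return 1
}

# On a live host (first line only, in case several architectures are installed):
#   check_usn_2058 "$(lsb_release -rs)" \
#       "$(dpkg-query -W -f='${Version}\n' libcurl3-gnutls | head -n 1)"
```

A "vulnerable" verdict is a package-level finding; per the notice, exposure additionally depends on an application using libcurl with signature verification disabled.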