drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GnuTLS
Name: |
Mehrere Probleme in GnuTLS |
|
ID: |
USN-2540-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 14.10 |
|
Datum: |
Mo, 23. März 2015, 22:45 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0294 |
|
Applikationen: |
GNU Transport Layer Security Library |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6525037600337608410== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lwpbNRXMjfhuvfCSGWBp21nKMo1UPF0H3"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --lwpbNRXMjfhuvfCSGWBp21nKMo1UPF0H3 Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2540-1 March 23, 2015
gnutls26, gnutls28 vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in GnuTLS.
Software Description: - gnutls28: GNU TLS library - gnutls26: GNU TLS library
Details:
It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. (CVE-2014-8155)
Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0282)
It was discovered that GnuTLS incorrectly verified certificate algorithms. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm. (CVE-2015-0294)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.10: libgnutls-deb0-28 3.2.16-1ubuntu2.2
Ubuntu 14.04 LTS: libgnutls26 2.12.23-12ubuntu2.2
Ubuntu 12.04 LTS: libgnutls26 2.12.14-5ubuntu3.9
Ubuntu 10.04 LTS: libgnutls26 2.8.5-2ubuntu0.7
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2540-1 CVE-2014-8155, CVE-2015-0282, CVE-2015-0294
Package Information: https://launchpad.net/ubuntu/+source/gnutls28/3.2.16-1ubuntu2.2 https://launchpad.net/ubuntu/+source/gnutls26/2.12.23-12ubuntu2.2 https://launchpad.net/ubuntu/+source/gnutls26/2.12.14-5ubuntu3.9 https://launchpad.net/ubuntu/+source/gnutls26/2.8.5-2ubuntu0.7
--lwpbNRXMjfhuvfCSGWBp21nKMo1UPF0H3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJVEHHIAAoJEGVp2FWnRL6TCKAQAIRlwPUymmjLl30HAZ/tDbMS h9qNSU3cRIdrJxpStfGGt7J16gHcgN1PwTliArwXW6aTyRqsNZGkphzKSZFMTMa/ 7eHpmRWWOSC93FGI6kQrfXjLNxpOWJyYk8ZOIvaNqsgOr5tEWs0Zg/cFgHQLKzKO sopfbsCSjNHr/DXOUYTzag70NF4AGwRLWGE7qanaCDEVPVQv+xZk6z2GlKOOpx/A kCjV1qpotLwRD0FZm4DEc/zLr27YzxPiaymdq6OVRPCVaaVmjCmm18qfa+MwHfay NzGWeMRnIOUyYalbJevDLn5ZAxLPO54hnfb82yJLCaUalJVYUs6ZSHip0DMd5V8f TIO0NglL+XFiimniwb0KLbTW4KjnKLdtfv/brUxn+xV1lBrprA4s380yNSqFY2O5 PgWGNNBy89Hnsw0oZBgUG+WvQSgCP8n0GA1JuHf9hqYFoWDI7bVJYUPxQZiizhBi CxWTE8oHpUejVEGvA7bDLF71yeCMDrXbey46N3RVrXOIyeEglbVX1qRR6QFxyjFh keQPsUf2DC/GgDaxVVVWn1Rjo+Pm2yFi9gcNh5W9QL863v9ubmbMuGJ2cA11O03G J0VjmmxoFviOqK8CLbx/hbtcLdbqPjYan+/dR31sMwb8iSlD3SAPfNRU1h5GiKcP vmit9AnErEI9W8ntnD1F =7/Ly -----END PGP SIGNATURE-----
--lwpbNRXMjfhuvfCSGWBp21nKMo1UPF0H3--
--===============6525037600337608410== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6525037600337608410==--
|
|
|
|