drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Prüfung von Zertifikaten in gnutls13 (Aktualisierung)
Name: |
Mangelnde Prüfung von Zertifikaten in gnutls13 (Aktualisierung) |
|
ID: |
DSA-1719-2 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian lenny, Debian etch |
|
Datum: |
Sa, 28. Februar 2009, 12:49 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989 |
|
Applikationen: |
GNU Transport Layer Security Library |
|
Update von: |
Mangelnde Prüfung von Zertifikaten in gnutls13 |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1719-2 security@debian.org http://www.debian.org/security/ Florian Weimer February 28, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------
Package : gnutls13, gnutls26 Vulnerability : design flaw Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-4989 Debian Bug : 505360
Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as CA root certificates by default, as originally described in the documentation. However, it turned out that there is still significant use of historic X.509v1 CA root certificates, so this constitutes an unacceptable regression. This update reverses this part of the changes in DSA-1719-1. Note that the X.509v1 certificate format does not distinguish between server and CA certificates, which means that an X.509v1 server certificates is implicitly converted into a CA certificate when added to the trust store (which was the reason for the change in DSA-1719-1).
The current stable distribution (lenny) was released with the changes in DSA-1719-1 already applied, and this update reverses the changes concerning X.509v1 CA certificates for this distribution, too.
For the old stable distribution (etch), this problem has been fixed in version 1.4.4-3+etch4.
For the stable distribution (lenny), this problem has been fixed in version 2.4.2-6+lenny1.
We recommend that you upgrade your GNUTLS packages.
Upgrade instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given below:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - -------------------------------
Source archives:
gnutls13_1.4.4.orig.tar.gz Size/MD5 checksum: 4752009 c06ada020e2b69caa51833175d59f8b2 gnutls13_1.4.4-3+etch4.diff.gz Size/MD5 checksum: 21337 fd8b423c5f4a11af2c60eda979df9b00 gnutls13_1.4.4-3+etch4.dsc Size/MD5 checksum: 1259 229287edc239349b5014f2d31890912a
Architecture independent packages:
gnutls-doc_1.4.4-3+etch4_all.deb Size/MD5 checksum: 2305134 4809b5a15fa8554dbf0cc7331ed0128a
amd64 architecture (AMD x86_64 (AMD64))
libgnutls-dev_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 389308 c6aa74857be44068f4e0d1f1322e30af libgnutls13_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 314864 9ea77f3b9e6fb21d899786f0f14d714c gnutls-bin_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 183034 8e1dae14f9ea57b112fe260b1b0d4133 libgnutls13-dbg_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 539598 223f5f50236b96400405a7c2ea4af3b9
arm architecture (ARM)
libgnutls-dev_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 353164 9f47a15eb353836c9f02bc7621c8ee2f libgnutls13_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 281742 977162dcbafd9a88bb5715d1295c7cab libgnutls13-dbg_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 509214 d64fac5c2a6aeaaf47ae8aa0f99aa841 gnutls-bin_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 169820 ace0fc294e2f61d61a163ebf6ea98af9
i386 architecture (Intel ia32)
libgnutls13-dbg_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 525750 944d1f780c8ea773d8d01d1839d0f8cd libgnutls13_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 281910 5b2168a10c343bb48d7ff6b063f90b26 gnutls-bin_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 173350 5cd3104555a852ed354265c3d4921924 libgnutls-dev_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 359610 8ca01d76b60baa1164782aacfa7f12da
ia64 architecture (Intel ia64)
gnutls-bin_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 229280 3de3e4fad552e820d9b62b4a161b6807 libgnutls-dev_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 550354 c66467b0a8ea04ff8695f0f51dc23fa0 libgnutls13_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 394816 c7e52cfc951d1395eafc88d600be8082 libgnutls13-dbg_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 528264 0c5a00e683ed44c8e70bd7788fa544f3
mips architecture (MIPS (Big Endian))
libgnutls-dev_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 418556 517105132650631d491e16951f50f4ea gnutls-bin_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 182930 1dd9d1855f0a76002afa0283859be901 libgnutls13_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 279350 ad784dd6ef0a0225c3cb05a123899109 libgnutls13-dbg_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 553722 8775869e9a8c161ac775484fb4266412
mipsel architecture (MIPS (Little Endian))
libgnutls13_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 277854 c918ae14c6f090db47d8524bb960da86 gnutls-bin_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 182814 2fac3eef97e8d358133428efc41be2a8 libgnutls-dev_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 417234 9bf2baa3edb0f726eb712182c76255d8 libgnutls13-dbg_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 542104 c332743916f758cd9ab65ac0d6acf835
powerpc architecture (PowerPC)
gnutls-bin_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 184706 6ab0e02d76e0e399379601cd8017ee5a libgnutls13-dbg_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 538836 d6c1e636a1cfebfa39013abc8f7de22a libgnutls13_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 289006 3a5f173773e21f77e5c361c7c83cad95 libgnutls-dev_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 388930 e784341c5933f4bd1e6e6ebd07f6fee4
s390 architecture (IBM S/390)
gnutls-bin_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 184614 c7587959cdf1216f4bdea48a9a637152 libgnutls13_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 311684 f5716c1530abed02d290464f7cada72c libgnutls13-dbg_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 537542 4fadf059fb5875cc990de83a79a1b7a3 libgnutls-dev_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 380358 8bc9700e54e895947bc4ee2b399dfee3
sparc architecture (Sun SPARC/UltraSPARC)
libgnutls13-dbg_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 491496 e24ea4ca4cbc14f35791523c4f955932 gnutls-bin_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 169438 c872e4a810ab75450b90c79e3ea7fe3f libgnutls13_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 271296 7fe33d25598be79b4bd58d5ea5e0258f libgnutls-dev_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 380138 10c4452d13237bda8e15c5ee5be878c6
Debian GNU/Linux 5.0 alias lenny - --------------------------------
Source archives:
gnutls26_2.4.2-6+lenny1.diff.gz Size/MD5 checksum: 20298 e6bb02c6522cf6b6842e0b38c633a087 gnutls26_2.4.2-6+lenny1.dsc Size/MD5 checksum: 1904 3410a16fe6f7dcce25f1c55946357dc6 gnutls26_2.4.2.orig.tar.gz Size/MD5 checksum: 5984345 8fea7c57f4badcafcd31eb0f981f169a
Architecture independent packages:
gnutls-doc_2.4.2-6+lenny1_all.deb Size/MD5 checksum: 2751582 9c920495e79d03f377d96ed94915a378
alpha architecture (DEC Alpha)
libgnutls-dev_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 746956 6ba68bc991abcd886314ca52fb301f0d libgnutls26_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 516830 6db84226b03e84bdd6e143b9c372f6ff gnutls-bin_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 301862 13e22f528ab7a5f196111d187889e8d7 libgnutls26-dbg_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 1141862 fc33865426c76c54994c076aa4dc55ec guile-gnutls_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 217774 aa5c315542532f504fa0f40e6756d3ee
amd64 architecture (AMD x86_64 (AMD64))
gnutls-bin_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 285624 48f7e580aed0f99e92eeee384c97cc21 guile-gnutls_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 215802 2ed45e368aabeb938f90fee4b3cf4668 libgnutls26-dbg_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 1136770 db82f80deb858958e98ff3fd1422dd2c libgnutls-dev_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 586148 c95ef6b6b2af28fc7a8bfebe60703092 libgnutls26_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 505908 e560d1c33d60f9b8c9748d6f70a2ccbc
arm architecture (ARM)
libgnutls-dev_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 527790 87252e8649cdf5f317a3ac193c68c70d gnutls-bin_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 269682 250998601126d1a5ae82be7db086a0f7 libgnutls26-dbg_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 1070766 59d90bba4d2287794ed753021ecbbf02 libgnutls26_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 445782 e31938233bab678b943a3f4c2dd1ea56 guile-gnutls_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 206486 4b388bbcc3c79008786c8aac9c387376
armel architecture (ARM EABI)
guile-gnutls_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 206812 1f067f477dd0408255ee75810107c8c0 libgnutls26_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 452356 908efc56e9b571d0f2ba965566924064 libgnutls26-dbg_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 1076694 25ddb450f16240a9ef522b9cf8e0b176 libgnutls-dev_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 530178 e314774bf8163d3ab38693798eba8718 gnutls-bin_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 271192 6fe14120a5ecf84cce73420a58306f3f
i386 architecture (Intel ia32)
libgnutls26-dbg_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 1093972 e84fc62e663d53231d7238b97a75cb2e libgnutls-dev_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 538250 f68cc41f9e9b90901a5e8e73ae83de68 libgnutls26_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 457306 2b4ce30e59d0d9f0924ca5952cd03035 guile-gnutls_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 211152 87efd0f0aec95b071881f3e3540c3afa gnutls-bin_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 270274 61bad9c03e790afb18e4a938cbe2446f
ia64 architecture (Intel ia64)
libgnutls-dev_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 782620 95712b24bb1114caa021729297664601 libgnutls26-dbg_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 933118 ba4cf6d4ccbb1701f30f3a875a77615a gnutls-bin_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 341822 553a30423b78eb84b76168e825b13bea libgnutls26_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 607420 29f719a5c0fee969d968753bdd17d92d
mips architecture (MIPS (Big Endian))
libgnutls26_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 450090 9e8b0b237b372fb9564367513b5f6ffb guile-gnutls_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 204034 9bb1b622aa462a4db4e2f1472a507bd0 libgnutls-dev_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 611794 1d9e8fec47f7a68b64d57c4d67a8dfa9 libgnutls26-dbg_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 1155814 6dd48f5c93110588df75719fe1da4d99 gnutls-bin_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 277060 ed80ff11b8463272c89d70efa295b8bb
mipsel architecture (MIPS (Little Endian))
gnutls-bin_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 276744 b6b3ccdfa730e35c4feda7a0787ece43 libgnutls26-dbg_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 1134448 4a3265f360fafa7454e5377091efff7d libgnutls-dev_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 608204 255d5a1d3e84c596ba4f5cf9debfb8a6 guile-gnutls_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 203572 c06441ed377c6e1c4baf8c73bdfc4baf libgnutls26_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 447520 dd41ed0007cb4e3385746f0e289532a4
powerpc architecture (PowerPC)
libgnutls26_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 487814 01f1da9942a0e77ac35d39566a22771a guile-gnutls_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 218270 62e9e476659217bb4028bd9a87b19047 libgnutls26-dbg_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 1134278 4f8242f3dae43f6f9211857739775b01 gnutls-bin_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 305018 b91fd4b4f92b83f70c9e7d6c578d3353 libgnutls-dev_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 578388 ccb884fa2239186f1e71f6dc07c409fc
s390 architecture (IBM S/390)
libgnutls-dev_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 566204 e62bf4f8d31b18a1b8c8342e19bc3ad2 gnutls-bin_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 289806 e51ed7c4ff9f68882f4a15fcdca96071 libgnutls26-dbg_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 1130046 a1ac3b9c196f7e75bc289a3b22f493d2 guile-gnutls_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 216206 1ce8f67ca2b9f739394f10724f420923 libgnutls26_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 495762 5455f27aaaeba4f915c926a30cab67b7
sparc architecture (Sun SPARC/UltraSPARC)
gnutls-bin_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 275976 36ce4af3d5cc465dbde5f5a2aae79412 guile-gnutls_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 209024 fa624b91e2aaace19fd3e8811c58db93 libgnutls-dev_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 555742 73d68d4ca103be6606211447453d7c1f libgnutls26_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 437112 afcefdffc5735c5e3c7560e18b0cf993 libgnutls26-dbg_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 1021176 0736c346230146549d5871a4572bec13
These files will probably be moved into the stable distribution on its next update.
- --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJJqSNZAAoJEL97/wQC1SS+tmYIAIuUDIUysM8BoxgRHnictnQP uK8PJi5Az2Sz5PqBwXziLna2Z+TjknoqtLrSUX6M3sLR5m5Rfslj+N+PT/zTyFnE 94HESrVwFJFhxZQ9cVr/8aZUMoOZE7F8i05SrBXuU9LFgp58HfwyXozAIRSGrYjc 1rXKlJ5tmb6mF9ljq36g8Z4DWwPRNRpXB69lz4inzITfpBqBb4W9PGr2PrCoX33t 2jAJT3wcCl+6SfARrH79e+clnU2OIk8U4U5zBn5vosuQWY+JDuh6XiXXSUNpxOSH aMxgkRi00uYbX95B3i/QggqrYR3tzPkPuVYioWDT0tPCUP/SrWz79Z5hpQZI6yM= =JLzS -----END PGP SIGNATURE-----
-- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
|
|