---

Advisories, September 18, 2006


Ubuntu Security Notice USN-348-1 September 18, 2006
gnutls11, gnutls12 vulnerability
CVE-2006-4790


A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
libgnutls11 1.0.16-13ubuntu0.3

Ubuntu 5.10:
libgnutls11 1.0.16-13.1ubuntu1.2

Ubuntu 6.06 LTS:

libgnutls11 1.0.16-14ubuntu1.1
libgnutls12 1.2.9-2ubuntu1.1

After a standard system upgrade you need to reboot your computer
to effect the necessary changes.

Details follow:

The GnuTLS library did not sufficiently check the padding of
PKCS #1 v1.5 signatures if the exponent of the public key is 3
(which is widely used for CAs). This could be exploited to forge
signatures without the need of the secret key.

Updated packages for Ubuntu 5.04:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13ubuntu0.3.diff.gz

      Size/MD5: 339767
c5bff2326fcb68ed0336e25449012068
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13ubuntu0.3.dsc

      Size/MD5: 830
c0793d93e9c5b93567099347fa446c72
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz

      Size/MD5: 1504638
7b410fa3c563c7988e434a8c8671b3cd

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.3_amd64.deb

      Size/MD5: 217660
bba5c5e0d5f59354f6b3336367be937f
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.3_amd64.deb

      Size/MD5: 575482
a62525c690862f1b4927cc7f55173d3b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.3_amd64.deb

      Size/MD5: 392664
c78b8dbf6725d02e19da5707d3335124
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.3_amd64.deb

      Size/MD5: 327142
bb345c39bf9e7879432b566bf5e1a235

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.3_i386.deb

      Size/MD5: 203632
a467a4155ed992414884c86fc8120e5f
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.3_i386.deb

      Size/MD5: 555946
1ffdced169899150a35b540c373b1a0c
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.3_i386.deb

      Size/MD5: 357486
1bbbbc936c849e2ec1b2f6432506a86a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.3_i386.deb

      Size/MD5: 293636
02023e0e58310001f3ed4d4b31dacb27

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.3_powerpc.deb

      Size/MD5: 218566
3dfdc586e1df5663ab8edbb3735ec48c
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.3_powerpc.deb

      Size/MD5: 1416126
f51c3ede362394ec62ca07e345d2c4b7
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.3_powerpc.deb

      Size/MD5: 389076
9904c61c7aae79e2d1700b33c92a371a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.3_powerpc.deb

      Size/MD5: 299668
fac8cd974bcca326209e4c78eff25eac

Updated packages for Ubuntu 5.10:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13.1ubuntu1.2.diff.gz

      Size/MD5: 340309
49a5050c08af0f81729b45f5f3c8d22d
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13.1ubuntu1.2.dsc

      Size/MD5: 829
cbd5adc73119254f416328c52203502b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz

      Size/MD5: 1504638
7b410fa3c563c7988e434a8c8671b3cd

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_amd64.deb

      Size/MD5: 217668
1ed174a692537d419a0cfe8d126aee7e
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_amd64.deb

      Size/MD5: 501184
076e79bc654983d5980bd5ad1556db6a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_amd64.deb

      Size/MD5: 398968
d60fddde214fe3a9ba132f5aa31421f6
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_amd64.deb

      Size/MD5: 332338
bfdb04fcbc4cc1b35466309e6d1ebe68

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_i386.deb

      Size/MD5: 201838
7e5322c9a0549be64847db789e478f69
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_i386.deb

      Size/MD5: 443744
4e484450ea0c30d50b77878158021c56
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_i386.deb

      Size/MD5: 353510
34cedb7560cf2bc326dc608a73fef028
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_i386.deb

      Size/MD5: 287262
2a22bf7ef42370d27799e9992b183c17

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_powerpc.deb

      Size/MD5: 218960
6ce6df1a4a741c8c12b57ca41ef71d1f
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_powerpc.deb

      Size/MD5: 498738
abffd68ab815093d0fa33a0ddf09d62b
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_powerpc.deb

      Size/MD5: 395476
715c6b951b76d873024a80816545df6f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_powerpc.deb

      Size/MD5: 304944
66adb0761c8004b85c841fc78eaecd9c

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_sparc.deb

      Size/MD5: 205296
10c9919c827341235884044b98c9b9ed
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_sparc.deb

      Size/MD5: 438502
747e41cb86f57b80094a3b9624faaa79
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_sparc.deb

      Size/MD5: 395448
a73794337f96dd436969f1ce1e1b2ed2
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_sparc.deb

      Size/MD5: 293108
59e5c1dbc23d906229efdc5fd8b43acb

Updated packages for Ubuntu 6.06 LTS:

Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0.16-14ubuntu1.1.diff.gz

      Size/MD5: 340592
3d897a1f6c852961a51e1ed2abd57700
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0.16-14ubuntu1.1.dsc

      Size/MD5: 782
ed4ea38a746c3a5c01df97efc1f56684
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0.16.orig.tar.gz

      Size/MD5: 1504638
7b410fa3c563c7988e434a8c8671b3cd
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.1.diff.gz

      Size/MD5: 547210
43343fb58d09ef0157163d61e4b856ac
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.1.dsc

      Size/MD5: 846
de642e0252450068d262032caa108ab3
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.orig.tar.gz

      Size/MD5: 3305475
4e1a2e9c22c7d6459d5eb5e6484a19c4

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_amd64.deb

      Size/MD5: 288060
ab7b29cc7797add5c945fee37ea08e13
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_amd64.deb

      Size/MD5: 490866
8f8f9b54a0a351df5cfeabceb90337bd
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_amd64.deb

      Size/MD5: 492192
14d5105bfb4f1346dc24cdb02282a989
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_amd64.deb

      Size/MD5: 398922
167aca29f3fb079e0ae59b171d3f80f6
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_amd64.deb

      Size/MD5: 332602
5c80ebe2410af742c3f1e5ebf3f061c4
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_amd64.deb

      Size/MD5: 642186
2d6e15d7f57c64dc6a08de1a837f882f
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_amd64.deb

      Size/MD5: 419956
77892c1022bdb4e422bb84654bf81275

i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_i386.deb

      Size/MD5: 271890
52a8d52f5db1ee7d81573fe3ef8909d0
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_i386.deb

      Size/MD5: 444560
e62ca7e54d740dae765cff30e2877fea
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_i386.deb

      Size/MD5: 434914
66cd4ae0e53bac620537befa71b71471
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_i386.deb

      Size/MD5: 353266
b7882d6444d9946074df3ccda4609548
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_i386.deb

      Size/MD5: 287556
60a01efc8102af04b9418dfdd053d60d
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_i386.deb

      Size/MD5: 578054
1b0af9f8bbfdca6ab65781d1a761d1f8
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_i386.deb

      Size/MD5: 372796
931456f16edb71bc2f3724597b7d25a5

powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_powerpc.deb

      Size/MD5: 288282
da78d3aa3f6dc6f55819a7a7b87a8ef9
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_powerpc.deb

      Size/MD5: 483764
4b9bc5d06ecef2ccfd1bf78cb3a38be3
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_powerpc.deb

      Size/MD5: 488222
8809195502f4beb96deb7fa5c5db1971
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_powerpc.deb

      Size/MD5: 395568
c1a26fe60afbdafdb944ff41dab4b8c1
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_powerpc.deb

      Size/MD5: 304804
c33b1d0470d894ea91d9cabbe921d35e
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_powerpc.deb

      Size/MD5: 635046
71b63e9a190676debea5a40423da233a
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_powerpc.deb

      Size/MD5: 390354
e132049e6323d5d71824379f6bfe57bf

sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_sparc.deb

      Size/MD5: 273020
8ccad45ebceb81375ac915a14edc73e5
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_sparc.deb

      Size/MD5: 480026
9f53727b59d626a0a2cc15ab9bb37331
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_sparc.deb

      Size/MD5: 427638
f38fb7a6a633baf4b7100ec839372eab
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_sparc.deb

      Size/MD5: 393658
10ceb83747c49a19b98c51c1d72fdc06
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_sparc.deb

      Size/MD5: 292130
3a032b8476527064933fea01882e912d
    http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_sparc.deb

      Size/MD5: 570060
22615e4739a2f71f9977b2c683283e28
    http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_sparc.deb

      Size/MD5: 375898
016adf7e48efcbaa949392a352324d2b

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis