Ubuntu Security Notice USN-348-1 September 18, 2006
gnutls11, gnutls12 vulnerability
CVE-2006-4790
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libgnutls11 1.0.16-13ubuntu0.3
Ubuntu 5.10:
libgnutls11 1.0.16-13.1ubuntu1.2
Ubuntu 6.06 LTS:
libgnutls11 1.0.16-14ubuntu1.1
libgnutls12 1.2.9-2ubuntu1.1
After a standard system upgrade you need to reboot your computer
to effect the necessary changes.
Details follow:
The GnuTLS library did not sufficiently check the padding of
PKCS #1 v1.5 signatures if the exponent of the public key is 3
(which is widely used for CAs). This could be exploited to forge
signatures without the need of the secret key.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13ubuntu0.3.diff.gz
Size/MD5: 339767
c5bff2326fcb68ed0336e25449012068
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13ubuntu0.3.dsc
Size/MD5: 830
c0793d93e9c5b93567099347fa446c72
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
Size/MD5: 1504638
7b410fa3c563c7988e434a8c8671b3cd
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.3_amd64.deb
Size/MD5: 217660
bba5c5e0d5f59354f6b3336367be937f
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.3_amd64.deb
Size/MD5: 575482
a62525c690862f1b4927cc7f55173d3b
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.3_amd64.deb
Size/MD5: 392664
c78b8dbf6725d02e19da5707d3335124
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.3_amd64.deb
Size/MD5: 327142
bb345c39bf9e7879432b566bf5e1a235
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.3_i386.deb
Size/MD5: 203632
a467a4155ed992414884c86fc8120e5f
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.3_i386.deb
Size/MD5: 555946
1ffdced169899150a35b540c373b1a0c
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.3_i386.deb
Size/MD5: 357486
1bbbbc936c849e2ec1b2f6432506a86a
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.3_i386.deb
Size/MD5: 293636
02023e0e58310001f3ed4d4b31dacb27
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13ubuntu0.3_powerpc.deb
Size/MD5: 218566
3dfdc586e1df5663ab8edbb3735ec48c
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13ubuntu0.3_powerpc.deb
Size/MD5: 1416126
f51c3ede362394ec62ca07e345d2c4b7
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13ubuntu0.3_powerpc.deb
Size/MD5: 389076
9904c61c7aae79e2d1700b33c92a371a
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13ubuntu0.3_powerpc.deb
Size/MD5: 299668
fac8cd974bcca326209e4c78eff25eac
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13.1ubuntu1.2.diff.gz
Size/MD5: 340309
49a5050c08af0f81729b45f5f3c8d22d
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16-13.1ubuntu1.2.dsc
Size/MD5: 829
cbd5adc73119254f416328c52203502b
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
Size/MD5: 1504638
7b410fa3c563c7988e434a8c8671b3cd
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_amd64.deb
Size/MD5: 217668
1ed174a692537d419a0cfe8d126aee7e
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_amd64.deb
Size/MD5: 501184
076e79bc654983d5980bd5ad1556db6a
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_amd64.deb
Size/MD5: 398968
d60fddde214fe3a9ba132f5aa31421f6
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_amd64.deb
Size/MD5: 332338
bfdb04fcbc4cc1b35466309e6d1ebe68
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_i386.deb
Size/MD5: 201838
7e5322c9a0549be64847db789e478f69
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_i386.deb
Size/MD5: 443744
4e484450ea0c30d50b77878158021c56
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_i386.deb
Size/MD5: 353510
34cedb7560cf2bc326dc608a73fef028
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_i386.deb
Size/MD5: 287262
2a22bf7ef42370d27799e9992b183c17
powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 218960
6ce6df1a4a741c8c12b57ca41ef71d1f
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_powerpc.deb
Size/MD5: 498738
abffd68ab815093d0fa33a0ddf09d62b
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_powerpc.deb
Size/MD5: 395476
715c6b951b76d873024a80816545df6f
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_powerpc.deb
Size/MD5: 304944
66adb0761c8004b85c841fc78eaecd9c
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls-bin_1.0.16-13.1ubuntu1.2_sparc.deb
Size/MD5: 205296
10c9919c827341235884044b98c9b9ed
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-13.1ubuntu1.2_sparc.deb
Size/MD5: 438502
747e41cb86f57b80094a3b9624faaa79
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11-dev_1.0.16-13.1ubuntu1.2_sparc.deb
Size/MD5: 395448
a73794337f96dd436969f1ce1e1b2ed2
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls11/libgnutls11_1.0.16-13.1ubuntu1.2_sparc.deb
Size/MD5: 293108
59e5c1dbc23d906229efdc5fd8b43acb
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0.16-14ubuntu1.1.diff.gz
Size/MD5: 340592
3d897a1f6c852961a51e1ed2abd57700
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0.16-14ubuntu1.1.dsc
Size/MD5: 782
ed4ea38a746c3a5c01df97efc1f56684
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/gnutls11_1.0.16.orig.tar.gz
Size/MD5: 1504638
7b410fa3c563c7988e434a8c8671b3cd
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.1.diff.gz
Size/MD5: 547210
43343fb58d09ef0157163d61e4b856ac
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.1.dsc
Size/MD5: 846
de642e0252450068d262032caa108ab3
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.orig.tar.gz
Size/MD5: 3305475
4e1a2e9c22c7d6459d5eb5e6484a19c4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_amd64.deb
Size/MD5: 288060
ab7b29cc7797add5c945fee37ea08e13
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_amd64.deb
Size/MD5: 490866
8f8f9b54a0a351df5cfeabceb90337bd
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_amd64.deb
Size/MD5: 492192
14d5105bfb4f1346dc24cdb02282a989
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_amd64.deb
Size/MD5: 398922
167aca29f3fb079e0ae59b171d3f80f6
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_amd64.deb
Size/MD5: 332602
5c80ebe2410af742c3f1e5ebf3f061c4
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_amd64.deb
Size/MD5: 642186
2d6e15d7f57c64dc6a08de1a837f882f
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_amd64.deb
Size/MD5: 419956
77892c1022bdb4e422bb84654bf81275
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_i386.deb
Size/MD5: 271890
52a8d52f5db1ee7d81573fe3ef8909d0
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_i386.deb
Size/MD5: 444560
e62ca7e54d740dae765cff30e2877fea
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_i386.deb
Size/MD5: 434914
66cd4ae0e53bac620537befa71b71471
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_i386.deb
Size/MD5: 353266
b7882d6444d9946074df3ccda4609548
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_i386.deb
Size/MD5: 287556
60a01efc8102af04b9418dfdd053d60d
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_i386.deb
Size/MD5: 578054
1b0af9f8bbfdca6ab65781d1a761d1f8
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_i386.deb
Size/MD5: 372796
931456f16edb71bc2f3724597b7d25a5
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_powerpc.deb
Size/MD5: 288282
da78d3aa3f6dc6f55819a7a7b87a8ef9
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_powerpc.deb
Size/MD5: 483764
4b9bc5d06ecef2ccfd1bf78cb3a38be3
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_powerpc.deb
Size/MD5: 488222
8809195502f4beb96deb7fa5c5db1971
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_powerpc.deb
Size/MD5: 395568
c1a26fe60afbdafdb944ff41dab4b8c1
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_powerpc.deb
Size/MD5: 304804
c33b1d0470d894ea91d9cabbe921d35e
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_powerpc.deb
Size/MD5: 635046
71b63e9a190676debea5a40423da233a
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_powerpc.deb
Size/MD5: 390354
e132049e6323d5d71824379f6bfe57bf
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.1_sparc.deb
Size/MD5: 273020
8ccad45ebceb81375ac915a14edc73e5
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.1_sparc.deb
Size/MD5: 480026
9f53727b59d626a0a2cc15ab9bb37331
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dbg_1.0.16-14ubuntu1.1_sparc.deb
Size/MD5: 427638
f38fb7a6a633baf4b7100ec839372eab
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11-dev_1.0.16-14ubuntu1.1_sparc.deb
Size/MD5: 393658
10ceb83747c49a19b98c51c1d72fdc06
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls11/libgnutls11_1.0.16-14ubuntu1.1_sparc.deb
Size/MD5: 292130
3a032b8476527064933fea01882e912d
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.1_sparc.deb
Size/MD5: 570060
22615e4739a2f71f9977b2c683283e28
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.1_sparc.deb
Size/MD5: 375898
016adf7e48efcbaa949392a352324d2b