From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1719-2                    [email protected]
http://www.debian.org/security/                           Florian Weimer
February 28, 2009                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : gnutls13, gnutls26
Vulnerability : design flaw
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-4989
Debian Bug : 505360
Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as
CA root certificates by default, as originally described in the
documentation. However, it turned out that there is still significant
use of historic X.509v1 CA root certificates, so this constitutes an
unacceptable regression. This update reverses this part of the
changes in DSA-1719-1. Note that the X.509v1 certificate format does
not distinguish between server and CA certificates, which means that
an X.509v1 server certificate is implicitly converted into a CA
certificate when added to the trust store (which was the reason for
the change in DSA-1719-1).

The current stable distribution (lenny) was released with the changes
in DSA-1719-1 already applied, and this update reverses the changes
concerning X.509v1 CA certificates for this distribution, too.

For the old stable distribution (etch), this problem has been fixed in
version 1.4.4-3+etch4.

For the stable distribution (lenny), this problem has been fixed in
version 2.4.2-6+lenny1.

We recommend that you upgrade your GNUTLS packages.
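
Because this update accepts X.509v1 certificates in the trust store again, it is worth knowing which trust-store entries are v1. The following is an added example, not part of the Debian advisory or of GnuTLS: it reads the version field of each certificate in a PEM bundle with a minimal DER reader. The function names and the constructed sample bundle are assumptions made for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def x509_version(der):
    """Return the X.509 version (1, 2 or 3) of a DER-encoded certificate."""
    tag, start, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    tag2, start, _ = read_tlv(der, start)   # TBSCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a certificate")
    tag, vstart, _ = read_tlv(der, start)   # first field of TBSCertificate
    if tag != 0xA0:                         # [0] version absent: DEFAULT v1
        return 1
    tag, istart, iend = read_tlv(der, vstart)
    if tag != 0x02:
        raise ValueError("bad version field")
    return int.from_bytes(der[istart:iend], "big") + 1

def v1_entries(bundle):
    """Return the 0-based positions of X.509v1 certificates in a PEM bundle."""
    return [i for i, m in enumerate(PEM_RE.finditer(bundle))
            if x509_version(base64.b64decode(m.group(1))) == 1]

# Constructed sample: certificate skeletons holding only the fields read above.
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body
def _pem(der):
    return b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der) + b"\n-----END CERTIFICATE-----\n"

SERIAL = b"\x02\x01\x01"
V1_CERT = _tlv(0x30, _tlv(0x30, SERIAL))                                # no version field
V3_CERT = _tlv(0x30, _tlv(0x30, _tlv(0xA0, b"\x02\x01\x02") + SERIAL))  # version INTEGER 2
SAMPLE_BUNDLE = _pem(V3_CERT) + _pem(V1_CERT) + _pem(V3_CERT)
```

Any entry reported by v1_entries() carries no extensions and therefore nothing that marks it as a server or a CA certificate, so it should be confirmed to be an intended root before it stays in the bundle.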

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
[continued in next message]