Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1946-1] New belpic packages fix cryptographic weakness

From Steffen Joeris@1:229/2 to All on Fri Dec 4 22:10:02 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1946-1 [email protected] http://www.debian.org/security/ Steffen Joeris
December 04, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : belpic
Vulnerability : cryptographic weakness
Problem type : remote
Debian-specific: no
CVE Id : CVE-2009-0049
Debian Bug : 511261

It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying
cryptographic signatures, which could be used to bypass the certificate validation.

For the oldstable distribution (etch), this problem has been fixed in
version 2.5.9-7.etch.1.

For the stable distribution (lenny), this problem has been fixed in
version 2.6.0-6, which was already included in the lenny release.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 2.6.0-6.

We recommend that you upgrade your belpic packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.diff.gz
Size/MD5 checksum: 20340 d0d4ce8373f2f49800971113432ab35e
http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9-7.etch.1.dsc
Size/MD5 checksum: 778 6a552980e5274b74128f2b43d5eecd84
http://security.debian.org/pool/updates/main/b/belpic/belpic_2.5.9.orig.tar.gz
Size/MD5 checksum: 1790274 517a8617e5919b3218acf2d5d859ea8e

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_alpha.deb
Size/MD5 checksum: 87916 fce36aa5a4e516bece52ca1322328288
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_alpha.deb
Size/MD5 checksum: 156018 4e75d5671006c371f4a5aeeb216d2749
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_alpha.deb
Size/MD5 checksum: 314606 2caa3f109ee32caabb5ef63702ff9536
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_alpha.deb
Size/MD5 checksum: 338216 75704f922f932f7453fd475af22bac15
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_alpha.deb
Size/MD5 checksum: 153234 64e2984faecdb78f26566faa7b40c837
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_alpha.deb
Size/MD5 checksum: 1013996 3a64d43f1fe914d0800b8cacb6a602ed

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_amd64.deb
Size/MD5 checksum: 151240 ff1be550e65c3c234ea0ae3e8fa3f39e
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_amd64.deb
Size/MD5 checksum: 150332 3dcdfb89cacf62cca1ffc3da471ff7c4
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_amd64.deb
Size/MD5 checksum: 87572 8a357ceb7f8a783d9fe127e0c0bfe943
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_amd64.deb
Size/MD5 checksum: 330802 0ea774426304964b8bf07ee176fb4c91
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_amd64.deb
Size/MD5 checksum: 305592 0d28550e3a3b2929c53057533726cb13
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_amd64.deb
Size/MD5 checksum: 1013976 51c8584f0dcb8fd6b67727e13935f073

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_hppa.deb
Size/MD5 checksum: 1012984 3f52c668f80dac56d6eba30b092bfa09
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_hppa.deb
Size/MD5 checksum: 346390 8cce55c26535945b3c9ba13b6404142e
http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_hppa.deb
Size/MD5 checksum: 160238 2d6e75fb4994110b2f5b1227f2269a77
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_hppa.deb
Size/MD5 checksum: 87678 b126cca6dfc088fc0b8cc6775f0f2e7c
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_hppa.deb
Size/MD5 checksum: 318312 7d244309c1b1e8a82f467ed0f4b01a8f
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_hppa.deb
Size/MD5 checksum: 156784 062a94360e7af00b1d17a8883f2df33c

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/b/belpic/libbeid2_2.5.9-7.etch.1_i386.deb
Size/MD5 checksum: 148666 780cf47c2c9a3262b2a3d6e749759d21
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2_2.5.9-7.etch.1_i386.deb
Size/MD5 checksum: 311998 d2ec1c416b6b94edff51b6a652ef03e5
http://security.debian.org/pool/updates/main/b/belpic/beid-tools_2.5.9-7.etch.1_i386.deb
Size/MD5 checksum: 144724 5b731d7498e0c87cca36221c8c1152d9
http://security.debian.org/pool/updates/main/b/belpic/beidgui_2.5.9-7.etch.1_i386.deb
Size/MD5 checksum: 299860 0d60e423f940317db6028ff814e0f787
http://security.debian.org/pool/updates/main/b/belpic/libbeidlibopensc2-dev_2.5.9-7.etch.1_i386.deb
Size/MD5 checksum: 1014116 99fe999f58a645c88d1e859497215b50
http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_i386.deb
Size/MD5 checksum: 87780 cf21f6df10e9b1b88ed35d858109b3ae

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/b/belpic/libbeid2-dev_2.5.9-7.etch.1_ia64.deb

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (3 / 13)
Uptime:	157:55:37
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,755

[SECURITY] [DSA 1946-1] New belpic packages fix cryptographic weakness

Who's Online

Recent Visitors

System Info