==========================================================Ubuntu Security Notice USN-948-1              June 03, 2010
gnutls12 vulnerability
CVE-2006-7239
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgnutls12                     1.2.9-2ubuntu1.8

In general, a standard system update will make all the necessary changes.

Details follow:

It was discovered that GnuTLS did not always properly verify the hash
algorithm of X.509 certificates. If an application linked against GnuTLS
processed a crafted certificate, an attacker could make GnuTLS dereference
a NULL pointer and cause a DoS via application crash.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

          Size/MD5:   558633 cfa2b4b5dca0d47cd1f99e40ec65a39a
          Size/MD5:      827 525c9dffc5df8c6c312af2ea6d387548
          Size/MD5:  3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

          Size/MD5:   492576 1e3a14750f107c78ead283ebacb76750
          Size/MD5:   421484 63c7d9fe2694083aa660deb2c88f48ac
          Size/MD5:   289240 7d7f7c6a6d8eae25717ab86059f7f503
          Size/MD5:   644314 24566e8f7a17f027ac6a03e15ef9f0cc

  i386 architecture (x86 compatible Intel/AMD):

          Size/MD5:   446466 bd160ef2aa91584b1da2552092a9baf4
          Size/MD5:   374316 070a982b790588479d2ff20f3b74467e
          Size/MD5:   273046 d5d27abcb746ec11676bc33e67054ef8
          Size/MD5:   579606 022fc6f598ced60f89df44fc7e344493

  powerpc architecture (Apple Macintosh G3/G4/G5):

          Size/MD5:   485576 265f3737838d55b7086b4532b4782c4f
          Size/MD5:   392298 c64576267ba35071e3849cb3ba0e0c61
          Size/MD5:   289544 03137eecbe12b3b29ffdb1324a0142a7
          Size/MD5:   636974 5ace4beaeeb425e52dc4530b8a2767b8

  sparc architecture (Sun SPARC/UltraSPARC):

          Size/MD5:   482124 fe2acbbf637d0395c89076b55d9d1a49
          Size/MD5:   377674 a2b5715015b403d08c8418ee6505b341
          Size/MD5:   274178 63e516eda8eddd462e3e441e6db8c948
          Size/MD5:   571530 b44f3b90199eca351b71bd5a20108d28

Ubuntu 948-1: GnuTLS vulnerability

June 3, 2010
It was discovered that GnuTLS did not always properly verify the hashalgorithm of X.509 certificates

Summary

Update Instructions

References

Severity
gnutls12 vulnerability

Package Information

Related News

Google Releases Chrome 130 with Critical Security Fixes for 17 Flaws
3 - 5 min read
Google recently unveiled Chrome 130 , an update that addresses several security vulnerabilities to ensure the web browser's safety and reliability.
U.S. Investigation into China-Backed Telecom Companies Hack: The Role & Risks of Encryption Backdoors
3 - 5 min read
U.S. authorities are on high alert as they investigate an alleged Chinese state-sponsored hack targeting major U.S. telecommunications companies.
FASTCash Linux Malware: A New Cybercrime Menace Targeting Payment Switch Systems
3 - 5 min read
As malware threats evolve to increasingly target Linux systems, admins and organizations must stay up-to-date on the latest Linux malware variants
Optimizing CWPP on Linux Servers: Best Practices and Configurations
3 - 6 min read
Cloud Workload Protection Platforms are now essential for securing virtual environments. These provide a robust security layer vital for addressing
The Infiltration of Supply Chain Attacks in Open-Source Software Management
3 - 6 min read
Open-source projects are renowned for their collaborative nature and widespread adoption, yet more sophisticated supply chain attacks target them
Strengthen Your Linux Software Development Pipeline with Code Security Scanners
3 - 6 min read
Developers recognize the critical nature of protecting software systems as cyberattacks grow more sophisticated, thus necessitating robust security
Everything You Need to Know About Cloud Security Posture Management
3 - 5 min read
Many companies are transitioning from physical servers to cloud operations, but this transformation brings new challenges. Cloud Security Posture
Understanding the Critical Oath-Toolkit Vulnerability and Its Implications for Admins
3 - 5 min read
As Linux security threats advance and evolve, vulnerabilities often surface unexpectedly, exposing systems to potential exploitation. SUSE

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved