Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness
From: Giuseppe Iuculano <iuculano () debian org>
Date: Tue, 17 Nov 2009 14:46:36 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1935-1                    security () debian org
http://www.debian.org/security/                          Giuseppe Iuculano
November 17th, 2009                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Packages       : gnutls13 gnutls26
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
Debian bug     : 541439
CVE Ids        : CVE-2009-2409 CVE-2009-2730


Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of
the TLS/SSL protocol, does not properly handle a '\0' character in a domain name
in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)

In addition, with this update, certificates with MD2 hash signatures are no
longer accepted since they're no longer considered cryptograhically secure. It
only affects the oldstable distribution (etch).(CVE-2009-2409)

For the oldstable distribution (etch), these problems have been fixed in version
1.4.4-3+etch5 for gnutls13.

For the stable distribution (lenny), these problems have been fixed in version
2.4.2-6+lenny2 for gnutls26.

For the testing distribution (squeeze), and the  unstable distribution (sid),
these problems have been fixed in version 2.8.3-1 for gnutls26.

We recommend that you upgrade your gnutls13/gnutls26 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
    Size/MD5 checksum:  4752009 c06ada020e2b69caa51833175d59f8b2
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.dsc
    Size/MD5 checksum:      968 0d1e0d44616d6f6a53b6c1f567849f56
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.diff.gz
    Size/MD5 checksum:    22775 f6ddd230b956dec89fccf43ea9f64c20

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch5_all.deb
    Size/MD5 checksum:  2320326 d29321b23395f3bd314b9eee58f351e3

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   524412 3cec75cb5cc88eb5232c4f29690daf9c
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   196642 9c9f57aad568b9a401d6c1d01d2d7b8d
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   328464 e5323045e55edea08408bfb9b47d31bc
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_alpha.deb
    Size/MD5 checksum:   547790 454e9579fc03822ba624f1b95a2233db

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   389592 c223bf87fc20485989fac3d45781479e
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   539538 aa4f2394318c69cfb830b0b9ff60910f
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   183748 179c1000c3fb9eb03ccc4e4d13be31b7
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_amd64.deb
    Size/MD5 checksum:   314988 147a2771b4a5ec7f0d96b261568876a9

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   511366 a4d8c9026f1796c25cb2b7c52ef2a3ed
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   170044 b6bde115c495dce839a52c7429f0dbf2
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   355394 dd804a20100e1ea6e952822f10f7439b
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_arm.deb
    Size/MD5 checksum:   283498 d1812b33b152335943b56b27766b06b1

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   184760 2c91694636ada0deaf3d6bf5282b2e39
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   435846 9aca168f530875a37e2f642e4eedf8d7
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   522290 0c7d5b25764b7417614b060bfd75ba0b
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_hppa.deb
    Size/MD5 checksum:   313032 8ce1083248396d54bfa7e5e48d8d539f

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   361204 cebc5c072963706a77e1de7a4e3007ff
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   526762 fc875479e7073f653d1861466b161c4f
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   283234 e631928f6b98dfb87101c95a3ef05d5b
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_i386.deb
    Size/MD5 checksum:   173680 3452c95f32e6385391700792ad29f178

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   528676 fc9737d4f76e4f100d49369640c14410
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   229464 bbc0fa1b84059efe0bb237bee57a813a
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   395210 d2939943712f32f8a2ece29c5b8997e6
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_ia64.deb
    Size/MD5 checksum:   550718 e47c23d4c04d653b1b17f21eff5fe995

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   279672 3eca03ed4ee8700a0fb7c4a290c02035
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   183084 8d8218914a3b18501f727b7d2423e7bd
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   418826 a38125c2aa8353e0db7628f58c48501d
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mips.deb
    Size/MD5 checksum:   554026 999ec1b017db3b9b01f992482e34e834

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   182966 f74f61b271ef2dacc697da994de63c6e
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   542526 8d5d1b10a2b699baec693032bd7c8220
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   278144 fefb167c9b703c941a74b31cc1e57386
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mipsel.deb
    Size/MD5 checksum:   417548 295cac79e17bb91af79994dd42beff12

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   539140 f5c6093941de4bad63a9358937d9e9bf
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   289256 a6ba2fe745aefb77298904838dbe89c3
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   389278 6b95f79d0ab35bfead0aba6d264fadf6
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_powerpc.deb
    Size/MD5 checksum:   184878 93e1dfdab5f4aefc0441efbc8b3629e3

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   311948 f12b41557a868704cc4b0c3d523d7152
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   380612 22613e21463f904382ee8396d7bcb560
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   537998 7433adff9256f314176abde8a8f5189f
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_s390.deb
    Size/MD5 checksum:   184766 b1c26cac411fdf46bc70110c5d63bda1

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   380326 edb042b81a29e7ebb1f6e76012344721
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   491774 0006fe36e413ac3d043261d3ea255f54
  http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   169592 a64346f82d82c65663eb5a7c841575e0
  http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_sparc.deb
    Size/MD5 checksum:   271534 0a2ae15d598949739a8cac53cfd1a686


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.diff.gz
    Size/MD5 checksum:    22541 cf40d750533c71674457d06009bb0782
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.dsc
    Size/MD5 checksum:     1613 11f849268b5a2eaa380f9ead0adfb115
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz
    Size/MD5 checksum:  5984345 8fea7c57f4badcafcd31eb0f981f169a

Architecture independent packages:

  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-doc_2.4.2-6+lenny2_all.deb
    Size/MD5 checksum:  2761832 515f3fe721d0ff35dd94d213f6a63c1d

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   218632 e9bfc365dd3e67e7d2fa3f1e2abe69d9
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   748238 20538636930652560875eb2cbad30db5
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   515934 f6deaa1519b88b14a7d49cfb52239a6d
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:  1143310 c72c8cc75bb5872c3ee76d9741015ebf
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_alpha.deb
    Size/MD5 checksum:   298230 1c4f2fcffc99ccfb4df1c66b82d7a28d

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   285466 2771d1bd8e7bd6e3aabed272fe978ee8
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   587384 2ad87b2c3d54aceaf3e4f7c54f8fed98
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:  1137154 dee3ab7e6a5f614841dcb54ab18c2d87
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   216556 3ef162abcab4745ed09e7d23c5e65967
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_amd64.deb
    Size/MD5 checksum:   506906 6a4ef62028952937923c6708bab643e4

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   206572 ebda0a0cebf25d34c08536c3333e8107
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   446094 8618d03f2815c756e249752d43c21e94
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:  1071036 95ca4f0094561941ec4eb5ae64b9aa92
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   269802 c755c7a41a44cbf43c0de503d72a346c
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_arm.deb
    Size/MD5 checksum:   528212 609e43315302a8f69c94b611565309bb

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   530970 47450c2aa5500ac11c20ea97da9a39a5
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:  1076498 013949caf00bb4c09c6a938cc9e1663f
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   266782 11690d1391b24583f46e5d4c5e52c496
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   453366 650e7db38325c50b6b6400d41fab6e3e
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_armel.deb
    Size/MD5 checksum:   206556 8ef962910e5e42d012333145a7bc5605

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   623332 a71ae72f1b083de29e38be2377e5f801
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:  1092220 0ee7714f23bc078deb4b06e1902143a2
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   288222 5265c4a75dc4ccf047d6618977c347b5
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   216368 0a70676d3d6438687f8e0ad7bc60e46e
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_hppa.deb
    Size/MD5 checksum:   490244 948e9671cbdf50eed5a0c8381855c312

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   464294 e7c49812fe0f7e30ef2b161586afcb9e
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:  1091520 5d34ba25dbce51d201bd5a59e1a7be1d
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   269416 f6131b2bb1ed2cfda08e12a5d2ff7924
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   538716 afe8584d673272b885a933aeb474b57a
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_i386.deb
    Size/MD5 checksum:   211260 d66a4b3d2c9b16ae10e22e187f6f49d4

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   783302 c84f0b7f414238a52a308c5c25408745
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   341950 8376cd61be6ed247cac0ed841956b3bf
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   933244 4720f477f77f2ed23a7d3d8664e29dfb
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_ia64.deb
    Size/MD5 checksum:   608048 612e75ae6b520813f37c3061a6d93115

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   612326 0a3fd65aab1aebece219144928875655
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   204168 481c3f5b56f66a5d3329121aab270e35
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:  1156518 6207ed31c70b935dcbc9947b7f932413
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   450508 d84e9b08891328982adbfb715d5661d8
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mips.deb
    Size/MD5 checksum:   277200 86d9f508062854355749ce61f08454f3

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   447986 941adce495faf0246f500cad682eecf9
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   276896 e202c2e264c68e517f5adf6e8c1754da
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:  1135302 63c1c0f1d0fd295ca2ff404cc1d26d4d
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   203662 3ab214e0b28c9e58cf8a0055610bf941
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mipsel.deb
    Size/MD5 checksum:   608742 89860b25c70999416ecf1d55e8349633

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   216318 d5f5f6f3a1e9890442cbaa95add449c7
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:  1130814 126787b5691cd8301b26d785a4612509
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   566688 b9098ac0484dbc9788d6305a4cb042b4
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   289924 58f71ff0b729d1d4656db37a39e09468
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_s390.deb
    Size/MD5 checksum:   496000 6bc48e6d342fd1226ba2e3b649ce80bd

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   438672 262013091fcac289b5fcc6420e25b287
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:  1023036 2157723b3f9cf676a80cbcedc892cad1
  http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   556984 079e6f596226d14e673bad1cefd487fc
  http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   209502 c01e31234b9a6dcd4ade38354a1cc4ef
  http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_sparc.deb
    Size/MD5 checksum:   276656 f0a16e2061a5bf67e58db0ff2b1a570a


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce () lists debian org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksCqTwACgkQHYflSXNkfP9qmACdEy7+wOGrR6IOoY6Xq/aANRo2
61QAn3kZr4APE34L1qsgGc5/bFijAykh
=Qi+6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 1935-1] New gnutls23/gnutls26 packages fix SSL certificate verification weakness Giuseppe Iuculano (Nov 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]