
News feed: USN-678-2: GnuTLS regression



RSSfeed
10th December 2008, 01:00
Description:
===========================================================
Ubuntu Security Notice USN-678-2          December 09, 2008
gnutls12, gnutls13, gnutls26 regression
https://launchpad.net/bugs/305264
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libgnutls12    1.2.9-2ubuntu1.4

Ubuntu 7.10:
  libgnutls13    1.6.3-1ubuntu0.3

Ubuntu 8.04 LTS:
  libgnutls13    2.0.4-1ubuntu2.3

Ubuntu 8.10:
  libgnutls26    2.4.1-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a
regression when validating some certificate chains. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

 Martin von Gagern discovered that GnuTLS did not properly verify
 certificate chains when the last certificate in the chain was self-signed.
 If a remote attacker were able to perform a man-in-the-middle attack, this
 flaw could be exploited to view sensitive information. (CVE-2008-4989)





Read more... (http://www.ubuntu.com/usn/usn-678-2)

This post was automatically retrieved from www.ubuntu.com (http://www.ubuntu.com)
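
An added example, not part of the advisory or of Ubuntu's tooling: a check of installed libgnutls versions against the fixed versions listed above, using Debian version ordering so that a revision such as 2.10 sorts after 2.3. The host names and installed versions in the sample inventory are constructed, and the helper names are hypothetical.

```python
import re

# Fixed versions exactly as listed in USN-678-2, keyed by Ubuntu release.
FIXED = {
    "6.06": ("libgnutls12", "1.2.9-2ubuntu1.4"),
    "7.10": ("libgnutls13", "1.6.3-1ubuntu0.3"),
    "8.04": ("libgnutls13", "2.0.4-1ubuntu2.3"),
    "8.10": ("libgnutls26", "2.4.1-1ubuntu0.2"),
}

def _char_order(c):
    # Debian ordering inside a non-digit run: '~' < end of run < letters < other
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    # Alternate non-digit and digit runs; digit runs compare numerically.
    return [([_char_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def deb_key(version):
    """Sort key following Debian version ordering (epoch, upstream, revision)."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                      # no revision: policy treats it as "0"
        upstream, revision = rest, "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def needs_upgrade(release, installed):
    """True if `installed` is older than the fixed version for `release`."""
    _package, fixed = FIXED[release]
    return deb_key(installed) < deb_key(fixed)

if __name__ == "__main__":
    # Constructed sample inventory: (host, release, installed version).
    inventory = [
        ("web1", "8.04", "2.0.4-1ubuntu2.3"),
        ("web2", "8.04", "2.0.4-1ubuntu2.1"),
        ("old1", "6.06", "1.2.9-2ubuntu1"),
    ]
    for host, release, installed in inventory:
        pkg, fixed = FIXED[release]
        state = "UPGRADE" if needs_upgrade(release, installed) else "ok"
        print(f"{host}: {pkg} {installed} (fixed in {fixed}): {state}")
```

On a live system the installed version can be read with `dpkg-query -W -f='${Version}' libgnutls13` and passed to `needs_upgrade`.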