[SECURITY] [DSA 1719-2] New GNUTLS packages fix regression

2009-02-28T11:44:55
ID DEBIAN:DSA-1719-2:D3BA5
Type debian
Reporter Debian
Modified 2009-02-28T11:44:55

Description


Debian Security Advisory DSA-1719-2 security@debian.org http://www.debian.org/security/ Florian Weimer February 28, 2009 http://www.debian.org/security/faq


Package : gnutls13, gnutls26 Vulnerability : design flaw Problem type : remote Debian-specific: no CVE Id(s) : CVE-2008-4989 Debian Bug : 505360

Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as CA root certificates by default, as originally described in the documentation. However, it turned out that there is still significant use of historic X.509v1 CA root certificates, so this constitutes an unacceptable regression. This update reverses this part of the changes in DSA-1719-1. Note that the X.509v1 certificate format does not distinguish between server and CA certificates, which means that an X.509v1 server certificates is implicitly converted into a CA certificate when added to the trust store (which was the reason for the change in DSA-1719-1).

The current stable distribution (lenny) was released with the changes in DSA-1719-1 already applied, and this update reverses the changes concerning X.509v1 CA certificates for this distribution, too.

For the old stable distribution (etch), this problem has been fixed in version 1.4.4-3+etch4.

For the stable distribution (lenny), this problem has been fixed in version 2.4.2-6+lenny1.

We recommend that you upgrade your GNUTLS packages.

Upgrade instructions


wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch


Source archives:

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz Size/MD5 checksum: 4752009 c06ada020e2b69caa51833175d59f8b2 http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch4.diff.gz Size/MD5 checksum: 21337 fd8b423c5f4a11af2c60eda979df9b00 http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch4.dsc Size/MD5 checksum: 1259 229287edc239349b5014f2d31890912a

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch4_all.deb Size/MD5 checksum: 2305134 4809b5a15fa8554dbf0cc7331ed0128a

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 389308 c6aa74857be44068f4e0d1f1322e30af http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 314864 9ea77f3b9e6fb21d899786f0f14d714c http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 183034 8e1dae14f9ea57b112fe260b1b0d4133 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_amd64.deb Size/MD5 checksum: 539598 223f5f50236b96400405a7c2ea4af3b9

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 353164 9f47a15eb353836c9f02bc7621c8ee2f http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 281742 977162dcbafd9a88bb5715d1295c7cab http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 509214 d64fac5c2a6aeaaf47ae8aa0f99aa841 http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_arm.deb Size/MD5 checksum: 169820 ace0fc294e2f61d61a163ebf6ea98af9

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 525750 944d1f780c8ea773d8d01d1839d0f8cd http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 281910 5b2168a10c343bb48d7ff6b063f90b26 http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 173350 5cd3104555a852ed354265c3d4921924 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_i386.deb Size/MD5 checksum: 359610 8ca01d76b60baa1164782aacfa7f12da

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 229280 3de3e4fad552e820d9b62b4a161b6807 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 550354 c66467b0a8ea04ff8695f0f51dc23fa0 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 394816 c7e52cfc951d1395eafc88d600be8082 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_ia64.deb Size/MD5 checksum: 528264 0c5a00e683ed44c8e70bd7788fa544f3

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 418556 517105132650631d491e16951f50f4ea http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 182930 1dd9d1855f0a76002afa0283859be901 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 279350 ad784dd6ef0a0225c3cb05a123899109 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_mips.deb Size/MD5 checksum: 553722 8775869e9a8c161ac775484fb4266412

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 277854 c918ae14c6f090db47d8524bb960da86 http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 182814 2fac3eef97e8d358133428efc41be2a8 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 417234 9bf2baa3edb0f726eb712182c76255d8 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_mipsel.deb Size/MD5 checksum: 542104 c332743916f758cd9ab65ac0d6acf835

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 184706 6ab0e02d76e0e399379601cd8017ee5a http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 538836 d6c1e636a1cfebfa39013abc8f7de22a http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 289006 3a5f173773e21f77e5c361c7c83cad95 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_powerpc.deb Size/MD5 checksum: 388930 e784341c5933f4bd1e6e6ebd07f6fee4

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 184614 c7587959cdf1216f4bdea48a9a637152 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 311684 f5716c1530abed02d290464f7cada72c http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 537542 4fadf059fb5875cc990de83a79a1b7a3 http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_s390.deb Size/MD5 checksum: 380358 8bc9700e54e895947bc4ee2b399dfee3

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 491496 e24ea4ca4cbc14f35791523c4f955932 http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 169438 c872e4a810ab75450b90c79e3ea7fe3f http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 271296 7fe33d25598be79b4bd58d5ea5e0258f http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_sparc.deb Size/MD5 checksum: 380138 10c4452d13237bda8e15c5ee5be878c6

Debian GNU/Linux 5.0 alias lenny


Source archives:

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny1.diff.gz Size/MD5 checksum: 20298 e6bb02c6522cf6b6842e0b38c633a087 http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny1.dsc Size/MD5 checksum: 1904 3410a16fe6f7dcce25f1c55946357dc6 http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz Size/MD5 checksum: 5984345 8fea7c57f4badcafcd31eb0f981f169a

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-doc_2.4.2-6+lenny1_all.deb Size/MD5 checksum: 2751582 9c920495e79d03f377d96ed94915a378

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 746956 6ba68bc991abcd886314ca52fb301f0d http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 516830 6db84226b03e84bdd6e143b9c372f6ff http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 301862 13e22f528ab7a5f196111d187889e8d7 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 1141862 fc33865426c76c54994c076aa4dc55ec http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_alpha.deb Size/MD5 checksum: 217774 aa5c315542532f504fa0f40e6756d3ee

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 285624 48f7e580aed0f99e92eeee384c97cc21 http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 215802 2ed45e368aabeb938f90fee4b3cf4668 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 1136770 db82f80deb858958e98ff3fd1422dd2c http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 586148 c95ef6b6b2af28fc7a8bfebe60703092 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_amd64.deb Size/MD5 checksum: 505908 e560d1c33d60f9b8c9748d6f70a2ccbc

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 527790 87252e8649cdf5f317a3ac193c68c70d http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 269682 250998601126d1a5ae82be7db086a0f7 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 1070766 59d90bba4d2287794ed753021ecbbf02 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 445782 e31938233bab678b943a3f4c2dd1ea56 http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_arm.deb Size/MD5 checksum: 206486 4b388bbcc3c79008786c8aac9c387376

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 206812 1f067f477dd0408255ee75810107c8c0 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 452356 908efc56e9b571d0f2ba965566924064 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 1076694 25ddb450f16240a9ef522b9cf8e0b176 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 530178 e314774bf8163d3ab38693798eba8718 http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_armel.deb Size/MD5 checksum: 271192 6fe14120a5ecf84cce73420a58306f3f

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 1093972 e84fc62e663d53231d7238b97a75cb2e http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 538250 f68cc41f9e9b90901a5e8e73ae83de68 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 457306 2b4ce30e59d0d9f0924ca5952cd03035 http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 211152 87efd0f0aec95b071881f3e3540c3afa http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_i386.deb Size/MD5 checksum: 270274 61bad9c03e790afb18e4a938cbe2446f

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 782620 95712b24bb1114caa021729297664601 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 933118 ba4cf6d4ccbb1701f30f3a875a77615a http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 341822 553a30423b78eb84b76168e825b13bea http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_ia64.deb Size/MD5 checksum: 607420 29f719a5c0fee969d968753bdd17d92d

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 450090 9e8b0b237b372fb9564367513b5f6ffb http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 204034 9bb1b622aa462a4db4e2f1472a507bd0 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 611794 1d9e8fec47f7a68b64d57c4d67a8dfa9 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 1155814 6dd48f5c93110588df75719fe1da4d99 http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_mips.deb Size/MD5 checksum: 277060 ed80ff11b8463272c89d70efa295b8bb

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 276744 b6b3ccdfa730e35c4feda7a0787ece43 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 1134448 4a3265f360fafa7454e5377091efff7d http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 608204 255d5a1d3e84c596ba4f5cf9debfb8a6 http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 203572 c06441ed377c6e1c4baf8c73bdfc4baf http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_mipsel.deb Size/MD5 checksum: 447520 dd41ed0007cb4e3385746f0e289532a4

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 487814 01f1da9942a0e77ac35d39566a22771a http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 218270 62e9e476659217bb4028bd9a87b19047 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 1134278 4f8242f3dae43f6f9211857739775b01 http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 305018 b91fd4b4f92b83f70c9e7d6c578d3353 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_powerpc.deb Size/MD5 checksum: 578388 ccb884fa2239186f1e71f6dc07c409fc

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 566204 e62bf4f8d31b18a1b8c8342e19bc3ad2 http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 289806 e51ed7c4ff9f68882f4a15fcdca96071 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 1130046 a1ac3b9c196f7e75bc289a3b22f493d2 http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 216206 1ce8f67ca2b9f739394f10724f420923 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_s390.deb Size/MD5 checksum: 495762 5455f27aaaeba4f915c926a30cab67b7

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 275976 36ce4af3d5cc465dbde5f5a2aae79412 http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 209024 fa624b91e2aaace19fd3e8811c58db93 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 555742 73d68d4ca103be6606211447453d7c1f http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 437112 afcefdffc5735c5e3c7560e18b0cf993 http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_sparc.deb Size/MD5 checksum: 1021176 0736c346230146549d5871a4572bec13

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>