USN-348-1: GnuTLS vulnerability

19 September 2006

gnutls11, gnutls12 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 6.06 LTS
  • Ubuntu 5.10
  • Ubuntu 5.04

Software Description

Details

The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 6.06 LTS
libgnutls11 - 1.0.16-14ubuntu1.1
libgnutls12 - 1.2.9-2ubuntu1.1
Ubuntu 5.10
libgnutls11 - 1.0.16-13.1ubuntu1.2
Ubuntu 5.04
libgnutls11 - 1.0.16-13ubuntu0.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

References