Ubuntu Security Notice USN-348-1
18th September, 2006
gnutls11, gnutls12 vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 6.06 LTS
- Ubuntu 5.10
- Ubuntu 5.04
Details
The GnuTLS library did not sufficiently check the padding of PKCS #1
v1.5 signatures if the exponent of the public key is 3 (which is
widely used for CAs). This could be exploited to forge signatures
without the need of the secret key.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 6.06 LTS:
- libgnutls12 1.2.9-2ubuntu1.1
- libgnutls11 1.0.16-14ubuntu1.1
- Ubuntu 5.10:
- libgnutls11 1.0.16-13.1ubuntu1.2
- Ubuntu 5.04:
- libgnutls11 1.0.16-13ubuntu0.3
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.