News

=========================================================== Ubuntu Security Notice USN-348-1 September 18, 2006 gnutls11, gnutls12 vulnerability CVE-2006-4790 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libgnutls11 1.0.16-13ubuntu0.3 Ubuntu 5.10: libgnutls11 1.0.16-13.1ubuntu1.2 Ubuntu 6.06 LTS: libgnutls11 1.0.16-14ubuntu1.1 libgnutls12 1.2.9-2ubuntu1.1 After a standard system upgrade you need to reboot your computer to effect the necessary changes. Details follow: The GnuTLS library did not sufficiently check the padding of PKCS #1 v1.5 signatures if the exponent of the public key is 3 (which is widely used for CAs). This could be exploited to forge signatures without the need of the secret key.