DSA 1935-1: New gnutls23/gnutls26 packages fix SSL certificate verification weakness  

Posted by Daniela Mehler

"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1935-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
November 17th, 2009 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Packages : gnutls13 gnutls26
Vulnerability : several vulnerabilities
Problem type : remote
Debian-specific: no
Debian bug : 541439
CVE Ids : CVE-2009-2409 CVE-2009-2730


Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of
the TLS/SSL protocol, does not properly handle a '' character in a domain name
in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate Certification
Authority. (CVE-2009-2730)

In addition, with this update, certificates with MD2 hash signatures are no
longer accepted since they're no longer considered cryptograhically secure. It
only affects the oldstable distribution (etch).(CVE-2009-2409)

For the oldstable distribution (etch), these problems have been fixed in version
1.4.4-3+etch5 for gnutls13.

For the stable distribution (lenny), these problems have been fixed in version
2.4.2-6+lenny2 for gnutls26.

For the testing distribution (squeeze), and the unstable distribution (sid),
these problems have been fixed in version 2.8.3-1 for gnutls26.

We recommend that you upgrade your gnutls13/gnutls26 packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz
Size/MD5 checksum: 4752009 c06ada020e2b69caa51833175d59f8b2
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.dsc
Size/MD5 checksum: 968 0d1e0d44616d6f6a53b6c1f567849f56
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch5.diff.gz
Size/MD5 checksum: 22775 f6ddd230b956dec89fccf43ea9f64c20

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch5_all.deb
Size/MD5 checksum: 2320326 d29321b23395f3bd314b9eee58f351e3

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_alpha.deb
Size/MD5 checksum: 524412 3cec75cb5cc88eb5232c4f29690daf9c
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_alpha.deb
Size/MD5 checksum: 196642 9c9f57aad568b9a401d6c1d01d2d7b8d
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_alpha.deb
Size/MD5 checksum: 328464 e5323045e55edea08408bfb9b47d31bc
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_alpha.deb
Size/MD5 checksum: 547790 454e9579fc03822ba624f1b95a2233db

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_amd64.deb
Size/MD5 checksum: 389592 c223bf87fc20485989fac3d45781479e
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_amd64.deb
Size/MD5 checksum: 539538 aa4f2394318c69cfb830b0b9ff60910f
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_amd64.deb
Size/MD5 checksum: 183748 179c1000c3fb9eb03ccc4e4d13be31b7
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_amd64.deb
Size/MD5 checksum: 314988 147a2771b4a5ec7f0d96b261568876a9

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_arm.deb
Size/MD5 checksum: 511366 a4d8c9026f1796c25cb2b7c52ef2a3ed
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_arm.deb
Size/MD5 checksum: 170044 b6bde115c495dce839a52c7429f0dbf2
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_arm.deb
Size/MD5 checksum: 355394 dd804a20100e1ea6e952822f10f7439b
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_arm.deb
Size/MD5 checksum: 283498 d1812b33b152335943b56b27766b06b1

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_hppa.deb
Size/MD5 checksum: 184760 2c91694636ada0deaf3d6bf5282b2e39
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_hppa.deb
Size/MD5 checksum: 435846 9aca168f530875a37e2f642e4eedf8d7
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_hppa.deb
Size/MD5 checksum: 522290 0c7d5b25764b7417614b060bfd75ba0b
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_hppa.deb
Size/MD5 checksum: 313032 8ce1083248396d54bfa7e5e48d8d539f

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_i386.deb
Size/MD5 checksum: 361204 cebc5c072963706a77e1de7a4e3007ff
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_i386.deb
Size/MD5 checksum: 526762 fc875479e7073f653d1861466b161c4f
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_i386.deb
Size/MD5 checksum: 283234 e631928f6b98dfb87101c95a3ef05d5b
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_i386.deb
Size/MD5 checksum: 173680 3452c95f32e6385391700792ad29f178

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_ia64.deb
Size/MD5 checksum: 528676 fc9737d4f76e4f100d49369640c14410
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_ia64.deb
Size/MD5 checksum: 229464 bbc0fa1b84059efe0bb237bee57a813a
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_ia64.deb
Size/MD5 checksum: 395210 d2939943712f32f8a2ece29c5b8997e6
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_ia64.deb
Size/MD5 checksum: 550718 e47c23d4c04d653b1b17f21eff5fe995

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mips.deb
Size/MD5 checksum: 279672 3eca03ed4ee8700a0fb7c4a290c02035
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mips.deb
Size/MD5 checksum: 183084 8d8218914a3b18501f727b7d2423e7bd
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mips.deb
Size/MD5 checksum: 418826 a38125c2aa8353e0db7628f58c48501d
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mips.deb
Size/MD5 checksum: 554026 999ec1b017db3b9b01f992482e34e834

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_mipsel.deb
Size/MD5 checksum: 182966 f74f61b271ef2dacc697da994de63c6e
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_mipsel.deb
Size/MD5 checksum: 542526 8d5d1b10a2b699baec693032bd7c8220
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_mipsel.deb
Size/MD5 checksum: 278144 fefb167c9b703c941a74b31cc1e57386
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_mipsel.deb
Size/MD5 checksum: 417548 295cac79e17bb91af79994dd42beff12

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_powerpc.deb
Size/MD5 checksum: 539140 f5c6093941de4bad63a9358937d9e9bf
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_powerpc.deb
Size/MD5 checksum: 289256 a6ba2fe745aefb77298904838dbe89c3
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_powerpc.deb
Size/MD5 checksum: 389278 6b95f79d0ab35bfead0aba6d264fadf6
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_powerpc.deb
Size/MD5 checksum: 184878 93e1dfdab5f4aefc0441efbc8b3629e3

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_s390.deb
Size/MD5 checksum: 311948 f12b41557a868704cc4b0c3d523d7152
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_s390.deb
Size/MD5 checksum: 380612 22613e21463f904382ee8396d7bcb560
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_s390.deb
Size/MD5 checksum: 537998 7433adff9256f314176abde8a8f5189f
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_s390.deb
Size/MD5 checksum: 184766 b1c26cac411fdf46bc70110c5d63bda1

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch5_sparc.deb
Size/MD5 checksum: 380326 edb042b81a29e7ebb1f6e76012344721
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch5_sparc.deb
Size/MD5 checksum: 491774 0006fe36e413ac3d043261d3ea255f54
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch5_sparc.deb
Size/MD5 checksum: 169592 a64346f82d82c65663eb5a7c841575e0
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch5_sparc.deb
Size/MD5 checksum: 271534 0a2ae15d598949739a8cac53cfd1a686


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.diff.gz
Size/MD5 checksum: 22541 cf40d750533c71674457d06009bb0782
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny2.dsc
Size/MD5 checksum: 1613 11f849268b5a2eaa380f9ead0adfb115
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz
Size/MD5 checksum: 5984345 8fea7c57f4badcafcd31eb0f981f169a

Architecture independent packages:

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-doc_2.4.2-6+lenny2_all.deb
Size/MD5 checksum: 2761832 515f3fe721d0ff35dd94d213f6a63c1d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_alpha.deb
Size/MD5 checksum: 218632 e9bfc365dd3e67e7d2fa3f1e2abe69d9
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_alpha.deb
Size/MD5 checksum: 748238 20538636930652560875eb2cbad30db5
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_alpha.deb
Size/MD5 checksum: 515934 f6deaa1519b88b14a7d49cfb52239a6d
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_alpha.deb
Size/MD5 checksum: 1143310 c72c8cc75bb5872c3ee76d9741015ebf
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_alpha.deb
Size/MD5 checksum: 298230 1c4f2fcffc99ccfb4df1c66b82d7a28d

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_amd64.deb
Size/MD5 checksum: 285466 2771d1bd8e7bd6e3aabed272fe978ee8
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_amd64.deb
Size/MD5 checksum: 587384 2ad87b2c3d54aceaf3e4f7c54f8fed98
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_amd64.deb
Size/MD5 checksum: 1137154 dee3ab7e6a5f614841dcb54ab18c2d87
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_amd64.deb
Size/MD5 checksum: 216556 3ef162abcab4745ed09e7d23c5e65967
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_amd64.deb
Size/MD5 checksum: 506906 6a4ef62028952937923c6708bab643e4

arm architecture (ARM)

http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_arm.deb
Size/MD5 checksum: 206572 ebda0a0cebf25d34c08536c3333e8107
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_arm.deb
Size/MD5 checksum: 446094 8618d03f2815c756e249752d43c21e94
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_arm.deb
Size/MD5 checksum: 1071036 95ca4f0094561941ec4eb5ae64b9aa92
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_arm.deb
Size/MD5 checksum: 269802 c755c7a41a44cbf43c0de503d72a346c
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_arm.deb
Size/MD5 checksum: 528212 609e43315302a8f69c94b611565309bb

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_armel.deb
Size/MD5 checksum: 530970 47450c2aa5500ac11c20ea97da9a39a5
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_armel.deb
Size/MD5 checksum: 1076498 013949caf00bb4c09c6a938cc9e1663f
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_armel.deb
Size/MD5 checksum: 266782 11690d1391b24583f46e5d4c5e52c496
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_armel.deb
Size/MD5 checksum: 453366 650e7db38325c50b6b6400d41fab6e3e
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_armel.deb
Size/MD5 checksum: 206556 8ef962910e5e42d012333145a7bc5605

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_hppa.deb
Size/MD5 checksum: 623332 a71ae72f1b083de29e38be2377e5f801
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_hppa.deb
Size/MD5 checksum: 1092220 0ee7714f23bc078deb4b06e1902143a2
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_hppa.deb
Size/MD5 checksum: 288222 5265c4a75dc4ccf047d6618977c347b5
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_hppa.deb
Size/MD5 checksum: 216368 0a70676d3d6438687f8e0ad7bc60e46e
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_hppa.deb
Size/MD5 checksum: 490244 948e9671cbdf50eed5a0c8381855c312

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_i386.deb
Size/MD5 checksum: 464294 e7c49812fe0f7e30ef2b161586afcb9e
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_i386.deb
Size/MD5 checksum: 1091520 5d34ba25dbce51d201bd5a59e1a7be1d
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_i386.deb
Size/MD5 checksum: 269416 f6131b2bb1ed2cfda08e12a5d2ff7924
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_i386.deb
Size/MD5 checksum: 538716 afe8584d673272b885a933aeb474b57a
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_i386.deb
Size/MD5 checksum: 211260 d66a4b3d2c9b16ae10e22e187f6f49d4

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_ia64.deb
Size/MD5 checksum: 783302 c84f0b7f414238a52a308c5c25408745
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_ia64.deb
Size/MD5 checksum: 341950 8376cd61be6ed247cac0ed841956b3bf
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_ia64.deb
Size/MD5 checksum: 933244 4720f477f77f2ed23a7d3d8664e29dfb
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_ia64.deb
Size/MD5 checksum: 608048 612e75ae6b520813f37c3061a6d93115

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mips.deb
Size/MD5 checksum: 612326 0a3fd65aab1aebece219144928875655
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mips.deb
Size/MD5 checksum: 204168 481c3f5b56f66a5d3329121aab270e35
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mips.deb
Size/MD5 checksum: 1156518 6207ed31c70b935dcbc9947b7f932413
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mips.deb
Size/MD5 checksum: 450508 d84e9b08891328982adbfb715d5661d8
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mips.deb
Size/MD5 checksum: 277200 86d9f508062854355749ce61f08454f3

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_mipsel.deb
Size/MD5 checksum: 447986 941adce495faf0246f500cad682eecf9
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_mipsel.deb
Size/MD5 checksum: 276896 e202c2e264c68e517f5adf6e8c1754da
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_mipsel.deb
Size/MD5 checksum: 1135302 63c1c0f1d0fd295ca2ff404cc1d26d4d
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_mipsel.deb
Size/MD5 checksum: 203662 3ab214e0b28c9e58cf8a0055610bf941
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_mipsel.deb
Size/MD5 checksum: 608742 89860b25c70999416ecf1d55e8349633

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_s390.deb
Size/MD5 checksum: 216318 d5f5f6f3a1e9890442cbaa95add449c7
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_s390.deb
Size/MD5 checksum: 1130814 126787b5691cd8301b26d785a4612509
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_s390.deb
Size/MD5 checksum: 566688 b9098ac0484dbc9788d6305a4cb042b4
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_s390.deb
Size/MD5 checksum: 289924 58f71ff0b729d1d4656db37a39e09468
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_s390.deb
Size/MD5 checksum: 496000 6bc48e6d342fd1226ba2e3b649ce80bd

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny2_sparc.deb
Size/MD5 checksum: 438672 262013091fcac289b5fcc6420e25b287
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny2_sparc.deb
Size/MD5 checksum: 1023036 2157723b3f9cf676a80cbcedc892cad1
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny2_sparc.deb
Size/MD5 checksum: 556984 079e6f596226d14e673bad1cefd487fc
http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny2_sparc.deb
Size/MD5 checksum: 209502 c01e31234b9a6dcd4ade38354a1cc4ef
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny2_sparc.deb
Size/MD5 checksum: 276656 f0a16e2061a5bf67e58db0ff2b1a570a


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAksCqTwACgkQHYflSXNkfP9qmACdEy7+wOGrR6IOoY6Xq/aANRo2
61QAn3kZr4APE34L1qsgGc5/bFijAykh
=Qi+6
-----END PGP SIGNATURE-----
"

DSA 1912-2: New advi packages fix arbitrary code executionThe Big Reunion Festival gets ready to party

This entry was posted on 3:20 PM .