Debian-Sicherheitsankündigung

DSA-1333-1 libcurl3-gnutls -- Fehlende Eingabeüberprüfung

Datum des Berichts:
18. Jul 2007
Betroffene Pakete:
libcurl3-gnutls
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In Mitres CVE-Verzeichnis: CVE-2007-3564.
Weitere Informationen:

Es wurde entdeckt, dass die in libcurl-gnutls, einer soliden, verwendbaren und portablen Mehrprotokollübertragungsbibliothek, implementierten GnuTLS-Zertifikatsüberprüfungsmethoden nicht auf ein abgelaufenes oder ungültiges Datum achteten.

Für die Stable-Distribution (Etch) wurde dieses Problem in Version 7.15.5-1etch1 behoben.

Wir empfehlen Ihnen, Ihr libcurl3-gnutls-Paket zu aktualisieren.

Behoben in:

Debian GNU/Linux 4.0 (etch)

Quellcode:
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.dsc
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.diff.gz
Architektur-unabhängige Dateien:
http://.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch1_all.deb
Alpha:
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_alpha.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_alpha.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_alpha.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_alpha.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_alpha.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_alpha.deb
AMD64:
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_amd64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_amd64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_amd64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_amd64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_amd64.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_amd64.deb
ARM:
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_arm.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_arm.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_arm.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_arm.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_arm.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_arm.deb
HPPA:
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_hppa.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_hppa.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_hppa.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_hppa.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_hppa.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_hppa.deb
Intel IA-32:
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_i386.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_i386.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_i386.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_i386.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_i386.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_i386.deb
Intel IA-64:
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_ia64.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_ia64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_ia64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_ia64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_ia64.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_ia64.deb
Little endian MIPS:
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_mipsel.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_mipsel.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_mipsel.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_mipsel.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_mipsel.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_mipsel.deb
PowerPC:
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_powerpc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_powerpc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_powerpc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_powerpc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_powerpc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_powerpc.deb
IBM S/390:
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_s390.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_s390.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_s390.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_s390.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_s390.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_s390.deb
Sun Sparc:
http://.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_sparc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_sparc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_sparc.deb
http://.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_sparc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_sparc.deb
http://.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.