Ubuntu Security Notice 365-1: libksba vulnerability: A parsing failure was discovered in the handling of X.509 certificates that contained extra trailing data. Malformed or malicious certificates could cause services using libksba to crash, potentially creating denial of service.
ab7b00fb25260404dfc20d5397b9b6b9d36402ffab9fde6bd994aa9318071578
--doKZ0ri6bHmN2Q5y
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-365-1 October 16, 2006
libksba vulnerability
CVE-2006-5111
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libksba8 0.9.9-2ubuntu0.5.04
After a standard system upgrade you need to restart your session to
effect the necessary changes.
Details follow:
A parsing failure was discovered in the handling of X.509 certificates=20
that contained extra trailing data. Malformed or malicious certificates
could cause services using libksba to crash, potentially creating a=20
denial of service.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9-=
2ubuntu0.5.04.diff.gz
Size/MD5: 256789 7814506294c66d47a7acc67325acf5ba
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9-=
2ubuntu0.5.04.dsc
Size/MD5: 675 b3398604d25bcbcb7dda502b0b36428d
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba_0.9.9.=
orig.tar.gz
Size/MD5: 398846 458c6880f6cb191b65a6436877e413b8
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.=
9.9-2ubuntu0.5.04_amd64.deb
Size/MD5: 132624 475f536666cc3b96aee0ccc6c9b3847d
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9=
-2ubuntu0.5.04_amd64.deb
Size/MD5: 92024 7eda61b96dedbdf5b73437819e3cbfc3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.=
9.9-2ubuntu0.5.04_i386.deb
Size/MD5: 118938 af9a322a0a826922f505c4949b1c67ad
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9=
-2ubuntu0.5.04_i386.deb
Size/MD5: 83352 49589a5bd441daf84384ed46809c296b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba-dev_0.=
9.9-2ubuntu0.5.04_powerpc.deb
Size/MD5: 133464 665fb8a0e1672bfbef24a23abde1eb18
http://security.ubuntu.com/ubuntu/pool/main/libk/libksba/libksba8_0.9.9=
-2ubuntu0.5.04_powerpc.deb
Size/MD5: 87838 2869d3fec34920fb112502a49fd995d6
--doKZ0ri6bHmN2Q5y
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFNBttH/9LqRcGPm0RAvqvAJ9IKq0cTqXtBI/W9c5Wz1PUqfDKnwCcDS9g
9eD+lofVa5PRxvHkXMPh5Vo=
=ptAr
-----END PGP SIGNATURE-----
--doKZ0ri6bHmN2Q5y--