CVE-2006-4790

Publication date 14 September 2006

Last updated 24 July 2024

Ubuntu priority

verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gnutls11	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Fixed 1.0.16-14ubuntu1.1
gnutls12	7.04 feisty	Not in release
	6.10 edgy	Fixed 1.2.11-2ubuntu1
	6.06 LTS dapper	Fixed 1.2.9-2ubuntu1.1
gnutls13	7.04 feisty	Fixed 1.4.0-3ubuntu1
	6.10 edgy	Fixed 1.4.0-3ubuntu1
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-348-1
GnuTLS vulnerability
19 September 2006

Other references

https://www.cve.org/CVERecord?id=CVE-2006-4790