Fedora Legacy Test Update Notification: gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-181014
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181014
2006-02-12
---------------------------------------------------------------------

Name        : gnutls
Versions    : fc3:
Summary     : A TLS implementation.
Description :
The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed
for ASN.1 structures management that includes DER encoding and decoding.
---------------------------------------------------------------------
Update Information:

Updated gnutls packages that fix a security issue are now available.

The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed
for ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER. An attacker
could create a carefully crafted invalid X.509 certificate in such a way
that could trigger this flaw if parsed by an application that uses GNU
TLS. This could lead to a denial of service (application crash). It is
not certain if this issue could be escalated to allow arbitrary code
execution. The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0645 to this issue.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GNU TLS maintainers to correct this issue.

---------------------------------------------------------------------
Changelogs

fc3:
* Sun Feb 12 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.0.20-3.1.3.legacy
- Added missing zlib-devel to BuildPrereq

* Sat Feb 11 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.0.20-3.1.2.legacy
- Added patch for GnuTLS x509 DER DoS - CVE-2006-0645

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

fc3:
87b93af583ea3abaa48337b0a8c71cba97a45410
fedora/3/updates-testing/i386/gnutls-1.0.20-3.1.3.legacy.i386.rpm
dca7e6e11093d7b8528d82cc9c3f5f1b1c78ea23
fedora/3/updates-testing/i386/gnutls-devel-1.0.20-3.1.3.legacy.i386.rpm
87b93af583ea3abaa48337b0a8c71cba97a45410
fedora/3/updates-testing/x86_64/gnutls-1.0.20-3.1.3.legacy.i386.rpm
742be40634dc2a32b245f78caf610d0a6b45cb75
fedora/3/updates-testing/x86_64/gnutls-1.0.20-3.1.3.legacy.x86_64.rpm
762630c8973f02bcc934adc8f5a946383f8479cc
fedora/3/updates-testing/x86_64/gnutls-devel-1.0.20-3.1.3.legacy.x86_64.rpm
cce2a463b57be400362624f09dc49a4fdde09305
fedora/3/updates-testing/SRPMS/gnutls-1.0.20-3.1.3.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.

Attachment: signature.asc
Description: OpenPGP digital signature

--

fedora-legacy-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-legacy-list

[Index of Archives]     [Fedora Development]     [Fedora Announce]     [Fedora Legacy Announce]     [Fedora Config]     [PAM]     [Fedora General Discussion]     [Big List of Linux Books]     [Gimp]     [Yosemite Questions]

  Powered by Linux