--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2006-181014 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181014 2006-02-12 --------------------------------------------------------------------- Name : gnutls Versions : fc3: Summary : A TLS implementation. Description : The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. --------------------------------------------------------------------- Update Information: Updated gnutls packages that fix a security issue are now available. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. Several flaws were found in the way libtasn1 decodes DER. An attacker could create a carefully crafted invalid X.509 certificate in such a way that could trigger this flaw if parsed by an application that uses GNU TLS. This could lead to a denial of service (application crash). It is not certain if this issue could be escalated to allow arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0645 to this issue. Users are advised to upgrade to these updated packages, which contain a backported patch from the GNU TLS maintainers to correct this issue. --------------------------------------------------------------------- Changelogs fc3: * Sun Feb 12 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.0.20-3.1.3.legacy - Added missing zlib-devel to BuildPrereq * Sat Feb 11 2006 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 1.0.20-3.1.2.legacy - Added patch for GnuTLS x509 DER DoS - CVE-2006-0645 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) fc3: 87b93af583ea3abaa48337b0a8c71cba97a45410 fedora/3/updates-testing/i386/gnutls-1.0.20-3.1.3.legacy.i386.rpm dca7e6e11093d7b8528d82cc9c3f5f1b1c78ea23 fedora/3/updates-testing/i386/gnutls-devel-1.0.20-3.1.3.legacy.i386.rpm 87b93af583ea3abaa48337b0a8c71cba97a45410 fedora/3/updates-testing/x86_64/gnutls-1.0.20-3.1.3.legacy.i386.rpm 742be40634dc2a32b245f78caf610d0a6b45cb75 fedora/3/updates-testing/x86_64/gnutls-1.0.20-3.1.3.legacy.x86_64.rpm 762630c8973f02bcc934adc8f5a946383f8479cc fedora/3/updates-testing/x86_64/gnutls-devel-1.0.20-3.1.3.legacy.x86_64.rpm cce2a463b57be400362624f09dc49a4fdde09305 fedora/3/updates-testing/SRPMS/gnutls-1.0.20-3.1.3.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-legacy-list
