Fedora Legacy Test Update Notification: gnutls

Marc Deslauriers marcdeslauriers at videotron.ca
Mon Feb 13 00:45:52 UTC 2006


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2006-181014
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181014
2006-02-12
---------------------------------------------------------------------

Name        : gnutls
Versions    : fc3:
Summary     : A TLS implementation.
Description :
The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed
for ASN.1 structures management that includes DER encoding and decoding.
---------------------------------------------------------------------
Update Information:

Updated gnutls packages that fix a security issue are now available.

The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed
for ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER. An attacker
could craft an invalid X.509 certificate that triggers these flaws when
it is parsed by an application that uses GNU TLS. This could lead to a
denial of service (application crash). It is not certain whether this
issue could be escalated to allow arbitrary code execution. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0645
to this issue.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GNU TLS maintainers to correct this issue.

---------------------------------------------------------------------
Changelogs

fc3:
* Sun Feb 12 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.20-3.1.3.legacy
- Added missing zlib-devel to BuildPrereq

* Sat Feb 11 2006 Marc Deslauriers <marcdeslauriers at videotron.ca>
1.0.20-3.1.2.legacy
- Added patch for GnuTLS x509 DER DoS - CVE-2006-0645

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)


---------------------------------------------------------------------

Please test and comment in bugzilla.