| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Feb 2006 21:24:00 -0700 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDKSA-2006:039 ] - Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : gnutls Date : February 13, 2006 Affected: 10.1, 10.2, 2006.0 _______________________________________________________________________ Problem Description: Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.1: 854980401ea37c7ffc74837684dda112 10.1/RPMS/gnutls-1.0.13-1.2.101mdk.i586.rpm a7dbf3fc153f1cd47a70562c2f35583a 10.1/RPMS/libgnutls11-1.0.13-1.2.101mdk.i586.rpm 8f68fb4a8d295539c7067365b13e04fc 10.1/RPMS/libgnutls11-devel-1.0.13-1.2.101mdk.i586.rpm 9df50e7e944f3ceb82428920e3bafe15 10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm Mandriva Linux 10.1/X86_64: 3fb98a2a65b1b0b0555ddff0e61a4a7b x86_64/10.1/RPMS/gnutls-1.0.13-1.2.101mdk.x86_64.rpm d5ff612ea97c5668e7848e32de9b899c x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.2.101mdk.x86_64.rpm 45fbf72c634244ae61d6ed480a14b299 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.2.101mdk.x86_64.rpm 9df50e7e944f3ceb82428920e3bafe15 x86_64/10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm Mandriva Linux 10.2: dd212f4fd56ded6d63c67e6d2f95ccec 10.2/RPMS/gnutls-1.0.23-2.2.102mdk.i586.rpm 66cf0d26c552ed36223834a386e78bda 10.2/RPMS/libgnutls11-1.0.23-2.2.102mdk.i586.rpm 4cfb3fdfec9bb89fc3c3f0427320f226 10.2/RPMS/libgnutls11-devel-1.0.23-2.2.102mdk.i586.rpm efb634eaa2e492a97d5a1c133ba203d0 10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm Mandriva Linux 10.2/X86_64: 0660da8e12eeb87752c711815ae28772 x86_64/10.2/RPMS/gnutls-1.0.23-2.2.102mdk.x86_64.rpm 014d51131f651270d1794b1870aed135 x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.2.102mdk.x86_64.rpm 2835b640d5dc9a44d97f2bd6d4742898 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.2.102mdk.x86_64.rpm efb634eaa2e492a97d5a1c133ba203d0 x86_64/10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm Mandriva Linux 2006.0: 2dfb7ff638e5460a96629f12b33c12d5 2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.i586.rpm baacaaf99353a45d410291a3b9588c5e 2006.0/RPMS/libgnutls11-1.0.25-2.1.20060mdk.i586.rpm 6eb83ab7dcff2dbfd0da0cff97d87e1d 2006.0/RPMS/libgnutls11-devel-1.0.25-2.1.20060mdk.i586.rpm 0558c6186fc001fa409d5802d6b09876 2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 811e7ba9b1a8df7e7055d2719f8e8265 x86_64/2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.x86_64.rpm 0eb960f072648f8ae1e6c2f2b204ddd1 x86_64/2006.0/RPMS/lib64gnutls11-1.0.25-2.1.20060mdk.x86_64.rpm 6c767b46c44d485c8b62150336c73948 x86_64/2006.0/RPMS/lib64gnutls11-devel-1.0.25-2.1.20060mdk.x86_64.rpm 0558c6186fc001fa409d5802d6b09876 x86_64/2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFD8S4qmqjQ0CJFipgRAj4XAJ4347J7gCsR250n5fRIxIvy2PNzCACfa2v1 Z4gWlfsU/2DdjVjs17T1SUI= =c7Oo -----END PGP SIGNATURE-----
Powered by blists - more mailing lists