lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DWF8W-0002LY-C9@mercury.mandriva.com>
Date: Thu, 12 May 2005 08:58:04 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gnutls
 Advisory ID:            MDKSA-2005:084
 Date:                   May 12th, 2005

 Affected versions:	 10.1, 10.2
 ______________________________________________________________________

 Problem Description:

 Two vulnerabilities were discovered in the GnuTLS library.  The first
 is a vulnerability in the way GnuTLS does record packet parsing; the
 second is a flaw in the RSA key export functionality.  These could be
 exploited by a remote attacker to cause a Denial of Service to any
 program using the GnuTLS library.
 
 The provided packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 3901ab03e31589ff09a17703c64834a7  10.1/RPMS/gnutls-1.0.13-1.1.101mdk.i586.rpm
 9330b4d1e79efe3aba750ce9a5a17853  10.1/RPMS/libgnutls11-1.0.13-1.1.101mdk.i586.rpm
 82bf186492340e2b873639b4e7c56346  10.1/RPMS/libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm
 b0f68343453fb1c092b495e2d278af16  10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 7249cbf6e89c219cacce161ef912b722  x86_64/10.1/RPMS/gnutls-1.0.13-1.1.101mdk.x86_64.rpm
 2aaf5157c4639258204a8239456a1dcc  x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm
 4f2d1bc7f1ef8dfde81e1e471531d8a7  x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm
 b0f68343453fb1c092b495e2d278af16  x86_64/10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 e806886f50d1143d859a58deca01be12  10.2/RPMS/gnutls-1.0.23-2.1.102mdk.i586.rpm
 7be1c94df46ca3c351ec02ea577e9684  10.2/RPMS/libgnutls11-1.0.23-2.1.102mdk.i586.rpm
 53f40a8e37fc739408ab555aebb8731b  10.2/RPMS/libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm
 7ccd73cf5cd83af889657a95a6b499ae  10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 e09497fcb976f203ab4ab79a969fbfc2  x86_64/10.2/RPMS/gnutls-1.0.23-2.1.102mdk.x86_64.rpm
 d2ff2b32ee329ceaa4da394119b67f8d  x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm
 4c7b5da9adf83eab8bc4305ac7484b07  x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm
 7ccd73cf5cd83af889657a95a6b499ae  x86_64/10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCg278mqjQ0CJFipgRAhnvAJ9x26FW+qK8c1bTVet8zxKxUYfrlgCfbsAN
AHt+2bTOHJMwjaMTmppjAWg=
=tLv3
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ