Message-Id: <E1MeKu5-0006Vp-Ed@titan.mandriva.com>
Date: Fri, 21 Aug 2009 05:35:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:210 ] gnutls


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:210
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gnutls
 Date    : August 20, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in GnuTLS
 before 2.8.2, which could allow man-in-the-middle attackers to spoof
 arbitrary SSL servers via a crafted certificate issued by a legitimate
 Certification Authority (CVE-2009-2730).
 
 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2730
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 8f25af9dcaefbf23e1ed7479a9611c13  2008.1/i586/gnutls-2.3.0-3.5mdv2008.1.i586.rpm
 2f53d53b692d78f0ee65afeb5393f1ae  2008.1/i586/libgnutls26-2.3.0-3.5mdv2008.1.i586.rpm
 3bc7b6ca54f3d8c0736966504d3d3eff  2008.1/i586/libgnutls-devel-2.3.0-3.5mdv2008.1.i586.rpm 
 27fab203d4f153b5c14b34547ba86d49  2008.1/SRPMS/gnutls-2.3.0-3.5mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 7404cec905b6adb5083953a50588e5e6  2008.1/x86_64/gnutls-2.3.0-3.5mdv2008.1.x86_64.rpm
 8d8b6532d22127ff20b5899716d7146b  2008.1/x86_64/lib64gnutls26-2.3.0-3.5mdv2008.1.x86_64.rpm
 aeaeed844fb7a7650906ebfaf178ff20  2008.1/x86_64/lib64gnutls-devel-2.3.0-3.5mdv2008.1.x86_64.rpm 
 27fab203d4f153b5c14b34547ba86d49  2008.1/SRPMS/gnutls-2.3.0-3.5mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 2855a45403f0a7292a469f8573476002  2009.0/i586/gnutls-2.4.1-2.5mdv2009.0.i586.rpm
 ebb2a3125ba6472a6a9b5c0fdab2adcd  2009.0/i586/libgnutls26-2.4.1-2.5mdv2009.0.i586.rpm
 d06b405f95ffb80522360d094ca6b957  2009.0/i586/libgnutls-devel-2.4.1-2.5mdv2009.0.i586.rpm 
 8ba44446f8da6e5882b136be9032530b  2009.0/SRPMS/gnutls-2.4.1-2.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 d1d6f6e9b23cfd422f92c96e70056bc9  2009.0/x86_64/gnutls-2.4.1-2.5mdv2009.0.x86_64.rpm
 31b1a501f3f733cb9e31c95fd4a13a30  2009.0/x86_64/lib64gnutls26-2.4.1-2.5mdv2009.0.x86_64.rpm
 e0768bff88400770bbf7fd439b3840f1  2009.0/x86_64/lib64gnutls-devel-2.4.1-2.5mdv2009.0.x86_64.rpm 
 8ba44446f8da6e5882b136be9032530b  2009.0/SRPMS/gnutls-2.4.1-2.5mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 bb9cb293b88cbee46796950fd2263d6d  2009.1/i586/gnutls-2.6.4-1.3mdv2009.1.i586.rpm
 03c6fedc1895aed56edef3d1d705c3d1  2009.1/i586/libgnutls26-2.6.4-1.3mdv2009.1.i586.rpm
 bab68af73a4824410b1f46a36723ba73  2009.1/i586/libgnutls-devel-2.6.4-1.3mdv2009.1.i586.rpm 
 3979e6cdf9461ddfe4bc281583dd3d16  2009.1/SRPMS/gnutls-2.6.4-1.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9f07205b1ec7fe4a69ca5418643c2b9a  2009.1/x86_64/gnutls-2.6.4-1.3mdv2009.1.x86_64.rpm
 a71159cef93cfdf2ae80a37705ee9a7b  2009.1/x86_64/lib64gnutls26-2.6.4-1.3mdv2009.1.x86_64.rpm
 0fe993d2682745a7e4e3d46a2efe7c8e  2009.1/x86_64/lib64gnutls-devel-2.6.4-1.3mdv2009.1.x86_64.rpm 
 3979e6cdf9461ddfe4bc281583dd3d16  2009.1/SRPMS/gnutls-2.6.4-1.3mdv2009.1.src.rpm

 Corporate 4.0:
 09bedb546faeac75a452b763c27f9bf0  corporate/4.0/i586/gnutls-1.0.25-2.5.20060mlcs4.i586.rpm
 5e72278b5cd3c27088450471cc406fe6  corporate/4.0/i586/libgnutls11-1.0.25-2.5.20060mlcs4.i586.rpm
 cb0bb76ae2e66750076aebbd1c7cf2b7  corporate/4.0/i586/libgnutls11-devel-1.0.25-2.5.20060mlcs4.i586.rpm 
 b99927b8c06333d2fc3b025719a9aea3  corporate/4.0/SRPMS/gnutls-1.0.25-2.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 31d7f354bf1ad71f45330fea8550688b  corporate/4.0/x86_64/gnutls-1.0.25-2.5.20060mlcs4.x86_64.rpm
 7ea85fe5e8929334971aa3654e6167ac  corporate/4.0/x86_64/lib64gnutls11-1.0.25-2.5.20060mlcs4.x86_64.rpm
 e3bccba96d6cc7e1d3b2b9f942bc99a2  corporate/4.0/x86_64/lib64gnutls11-devel-1.0.25-2.5.20060mlcs4.x86_64.rpm 
 b99927b8c06333d2fc3b025719a9aea3  corporate/4.0/SRPMS/gnutls-1.0.25-2.5.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 8e389b0ba59e759989619a85e86d12e0  mes5/i586/gnutls-2.4.1-2.5mdvmes5.i586.rpm
 82b0a901986a76f14a62acf3fba7e4bd  mes5/i586/libgnutls26-2.4.1-2.5mdvmes5.i586.rpm
 dd145f04f76282c401a7360f69b04039  mes5/i586/libgnutls-devel-2.4.1-2.5mdvmes5.i586.rpm 
 6abb8ee215ea3e05ca1a296155d8fe3f  mes5/SRPMS/gnutls-2.4.1-2.5mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e0170272a46d84626ac93c55c3afe0ac  mes5/x86_64/gnutls-2.4.1-2.5mdvmes5.x86_64.rpm
 1e376c29b842f9915a2b75396938fe26  mes5/x86_64/lib64gnutls26-2.4.1-2.5mdvmes5.x86_64.rpm
 43fb2ca23a17a052d54ebcbac35282ee  mes5/x86_64/lib64gnutls-devel-2.4.1-2.5mdvmes5.x86_64.rpm 
 6abb8ee215ea3e05ca1a296155d8fe3f  mes5/SRPMS/gnutls-2.4.1-2.5mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKjeggmqjQ0CJFipgRAuYNAKCHRb92bFh5h8ziPaXu7Y29yApbwQCfSTTo
AIYtlv2HLQO1sMVHErI8F5s=
=5TBi
-----END PGP SIGNATURE-----
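
An added example (not part of the advisory and not Mandriva's tooling): for packages fetched by hand rather than through MandrivaUpdate or urpmi, this shell function reads the "<md5>  <path>.rpm" lines from a saved copy of the advisory and compares them with the files in a download directory. The function name check_advisory_rpms and its two arguments are assumptions made for the example.

```shell
# Added example: compare downloaded RPMs with the md5 list in a saved advisory.
# Usage: check_advisory_rpms ADVISORY_FILE RPM_DIR   (both names are hypothetical)
# Prints one status line per listed package present in RPM_DIR.
# Returns 0 only if at least one package was checked and none mismatched.
check_advisory_rpms() {
    advisory=$1
    rpm_dir=$2
    bad=0
    checked=0
    # Keep only lines shaped like: 32 hex digits, whitespace, a path ending in .rpm.
    # Trailing spaces are tolerated; duplicate SRPMS entries are collapsed by sort -u.
    entries=$(sed -n 's/^[[:space:]]*\([0-9a-f]\{32\}\)[[:space:]]\{1,\}\([^[:space:]]*\.rpm\)[[:space:]]*$/\1 \2/p' "$advisory" | sort -u)
    # A here-document (not a pipe) keeps the counters in the current shell.
    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}                 # the advisory lists repository-relative paths
        file="$rpm_dir/$name"
        [ -f "$file" ] || continue       # packages for other releases are simply absent
        got=$(md5sum "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done <<EOF
$entries
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Run directly as: sh check.sh advisory.txt ./downloads
if [ "$#" -eq 2 ]; then check_advisory_rpms "$1" "$2"; fi
```

A matching MD5 only ties a file to the list in the advisory text, so it is a corruption check; authenticity comes from the GPG signatures on the packages and on the advisory itself.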
