From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:084 - Updated gnutls packages fix vulnerabilities
Message-Id: <E1DWF8W-0002LY-C9@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Thu, 12 May 2005 08:58:04 -0600
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: gnutls
Advisory ID: MDKSA-2005:084
Date: May 12th, 2005
Affected versions: 10.1, 10.2
______________________________________________________________________
Problem Description:
Two vulnerabilities were discovered in the GnuTLS library. The first
is a vulnerability in the way GnuTLS does record packet parsing; the
second is a flaw in the RSA key export functionality. These could be
exploited by a remote attacker to cause a Denial of Service to any
program using the GnuTLS library.
The provided packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
3901ab03e31589ff09a17703c64834a7 10.1/RPMS/gnutls-1.0.13-1.1.101mdk.i586.rpm
9330b4d1e79efe3aba750ce9a5a17853 10.1/RPMS/libgnutls11-1.0.13-1.1.101mdk.i586.rpm
82bf186492340e2b873639b4e7c56346 10.1/RPMS/libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm
b0f68343453fb1c092b495e2d278af16 10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
7249cbf6e89c219cacce161ef912b722 x86_64/10.1/RPMS/gnutls-1.0.13-1.1.101mdk.x86_64.rpm
2aaf5157c4639258204a8239456a1dcc x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm
4f2d1bc7f1ef8dfde81e1e471531d8a7 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm
b0f68343453fb1c092b495e2d278af16 x86_64/10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm
Mandrakelinux 10.2:
e806886f50d1143d859a58deca01be12 10.2/RPMS/gnutls-1.0.23-2.1.102mdk.i586.rpm
7be1c94df46ca3c351ec02ea577e9684 10.2/RPMS/libgnutls11-1.0.23-2.1.102mdk.i586.rpm
53f40a8e37fc739408ab555aebb8731b 10.2/RPMS/libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm
7ccd73cf5cd83af889657a95a6b499ae 10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
e09497fcb976f203ab4ab79a969fbfc2 x86_64/10.2/RPMS/gnutls-1.0.23-2.1.102mdk.x86_64.rpm
d2ff2b32ee329ceaa4da394119b67f8d x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm
4c7b5da9adf83eab8bc4305ac7484b07 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm
7ccd73cf5cd83af889657a95a6b499ae x86_64/10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCg278mqjQ0CJFipgRAhnvAJ9x26FW+qK8c1bTVet8zxKxUYfrlgCfbsAN
AHt+2bTOHJMwjaMTmppjAWg=
=tLv3
-----END PGP SIGNATURE-----