drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in gnutls
Name: |
Denial of Service in gnutls |
|
ID: |
FLSA:181014 |
|
Distribution: |
Fedora Legacy |
|
Plattformen: |
Fedora Core 3 |
|
Datum: |
Di, 28. Februar 2006, 01:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645 |
|
Applikationen: |
GNU Transport Layer Security Library |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============1198081019== Content-type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary=------------enig612221325412491E1077937A
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig612221325412491E1077937A Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit
--------------------------------------------------------------------- Fedora Legacy Update Advisory
Synopsis: Updated gnutls packages fix a security issue Advisory ID: FLSA:181014 Issue date: 2006-02-27 Product: Fedora Core Keywords: Bugfix CVE Names: CVE-2006-0645 ---------------------------------------------------------------------
--------------------------------------------------------------------- 1. Topic:
Updated gnutls packages that fix a security issue are now available.
The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding.
2. Relevant releases/architectures:
Fedora Core 3 - i386, x86_64
3. Problem description:
Several flaws were found in the way libtasn1 decodes DER. An attacker could create a carefully crafted invalid X.509 certificate in such a way that could trigger this flaw if parsed by an application that uses GNU TLS. This could lead to a denial of service (application crash). It is not certain if this issue could be escalated to allow arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0645 to this issue.
Users are advised to upgrade to these updated packages, which contain a backported patch from the GNU TLS maintainers to correct this issue.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.
Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181014
6. RPMs required:
Fedora Core 3:
SRPM: gnutls-1.0.20-3.1.3.legacy.src.rpm
i386: gnutls-1.0.20-3.1.3.legacy.i386.rpm gnutls-devel-1.0.20-3.1.3.legacy.i386.rpm
x86_64: gnutls-1.0.20-3.1.3.legacy.i386.rpm gnutls-1.0.20-3.1.3.legacy.x86_64.rpm gnutls-devel-1.0.20-3.1.3.legacy.x86_64.rpm
7. Verification:
SHA1 sum Package Name ---------------------------------------------------------------------
87b93af583ea3abaa48337b0a8c71cba97a45410 fedora/3/updates/i386/gnutls-1.0.20-3.1.3.legacy.i386.rpm dca7e6e11093d7b8528d82cc9c3f5f1b1c78ea23 fedora/3/updates/i386/gnutls-devel-1.0.20-3.1.3.legacy.i386.rpm 87b93af583ea3abaa48337b0a8c71cba97a45410 fedora/3/updates/x86_64/gnutls-1.0.20-3.1.3.legacy.i386.rpm 742be40634dc2a32b245f78caf610d0a6b45cb75 fedora/3/updates/x86_64/gnutls-1.0.20-3.1.3.legacy.x86_64.rpm 762630c8973f02bcc934adc8f5a946383f8479cc fedora/3/updates/x86_64/gnutls-devel-1.0.20-3.1.3.legacy.x86_64.rpm cce2a463b57be400362624f09dc49a4fdde09305 fedora/3/updates/SRPMS/gnutls-1.0.20-3.1.3.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:
sha1sum <filename>
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
--------------enig612221325412491E1077937A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (GNU/Linux)
iD8DBQFEA6AsLMAs/0C4zNoRAo4XAKC+RvhPrlDU9rGdTPkzWQiHBEI/wgCZAQyV zMb98EoZm3DANcyj6BGXbtM= =L63m -----END PGP SIGNATURE-----
--------------enig612221325412491E1077937A--
--===============1198081019== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- Fedora-legacy-announce mailing list Fedora-legacy-announce@redhat.com https://www.redhat.com/mailman/listinfo/fedora-legacy-announce --===============1198081019==--
|
|
|
|