===================================================================== CERT-Renater Note d'Information No. 2005/VULN310 _____________________________________________________________________ DATE : 19/05/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running gnutls. ====================================================================== _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: gnutls Advisory ID: MDKSA-2005:084 Date: May 12th, 2005 Affected versions: 10.1, 10.2 ______________________________________________________________________ Problem Description: Two vulnerabilities were discovered in the GnuTLS library. The first is a vulnerability in the way GnuTLS does record packet parsing; the second is a flaw in the RSA key export functionality. These could be exploited by a remote attacker to cause a Denial of Service to any program using the GnuTLS library. The provided packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.1: 3901ab03e31589ff09a17703c64834a7 10.1/RPMS/gnutls-1.0.13-1.1.101mdk.i586.rpm 9330b4d1e79efe3aba750ce9a5a17853 10.1/RPMS/libgnutls11-1.0.13-1.1.101mdk.i586.rpm 82bf186492340e2b873639b4e7c56346 10.1/RPMS/libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm b0f68343453fb1c092b495e2d278af16 10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 7249cbf6e89c219cacce161ef912b722 x86_64/10.1/RPMS/gnutls-1.0.13-1.1.101mdk.x86_64.rpm 2aaf5157c4639258204a8239456a1dcc x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm 4f2d1bc7f1ef8dfde81e1e471531d8a7 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm b0f68343453fb1c092b495e2d278af16 x86_64/10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm Mandrakelinux 10.2: e806886f50d1143d859a58deca01be12 10.2/RPMS/gnutls-1.0.23-2.1.102mdk.i586.rpm 7be1c94df46ca3c351ec02ea577e9684 10.2/RPMS/libgnutls11-1.0.23-2.1.102mdk.i586.rpm 53f40a8e37fc739408ab555aebb8731b 10.2/RPMS/libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm 7ccd73cf5cd83af889657a95a6b499ae 10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: e09497fcb976f203ab4ab79a969fbfc2 x86_64/10.2/RPMS/gnutls-1.0.23-2.1.102mdk.x86_64.rpm d2ff2b32ee329ceaa4da394119b67f8d x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm 4c7b5da9adf83eab8bc4305ac7484b07 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm 7ccd73cf5cd83af889657a95a6b499ae x86_64/10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================