Mandriva: Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities
Posted by Benjamin D. Thomas   
Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these issues.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:039
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnutls
 Date    : February 13, 2006
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Evgeny Legerov discovered cases of possible out-of-bounds access
 in the DER decoding schemes of libtasn1, when provided with invalid
 input.  This library is bundled with gnutls.
 
 The provided packages have been patched to correct these issues.
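
The advisory does not detail the individual flaws. As an added illustration of the bug class (not libtasn1 code and not part of the original advisory), the sketch below shows the bounds checks a DER decoder needs so that a length field in invalid input can never move a read past the buffer. The function names and the sample byte strings are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER tag+length header in buf[0..len). On success store the header
 * size and value size and return 0; return -1 on invalid input. */
static int der_header(const unsigned char *buf, size_t len,
                      size_t *hdr, size_t *vlen)
{
    size_t pos = 0, n, v;
    unsigned char b;
    if (len < 2) return -1;                      /* need tag + one length octet */
    if ((buf[pos++] & 0x1f) == 0x1f) return -1;  /* multi-byte tags: not handled */
    b = buf[pos++];
    if (b < 0x80) {
        v = b;                                   /* short form */
    } else {
        n = b & 0x7f; v = 0;
        if (n == 0 || n > sizeof(size_t)) return -1; /* indefinite, or too wide */
        if (n > len - pos) return -1;            /* length octets truncated */
        if (buf[pos] == 0) return -1;            /* leading zero: not minimal */
        while (n--) v = (v << 8) | buf[pos++];
        if (v < 0x80) return -1;                 /* short form was required */
    }
    if (v > len - pos) return -1;                /* value would run past buffer */
    *hdr = pos; *vlen = v;
    return 0;
}

/* Count the elements directly inside a SEQUENCE (tag 0x30); -1 if invalid.
 * Each child is checked against the parent's remaining bytes, not the buffer. */
static int der_sequence_count(const unsigned char *buf, size_t len)
{
    size_t hdr, vlen, off = 0, ch, cv;
    int count = 0;
    if (der_header(buf, len, &hdr, &vlen) != 0 || buf[0] != 0x30) return -1;
    while (off < vlen) {
        if (der_header(buf + hdr + off, vlen - off, &ch, &cv) != 0) return -1;
        off += ch + cv;                          /* ch + cv <= vlen - off */
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples: INTEGER + OCTET STRING; second has an inflated length. */
    const unsigned char good[] = {0x30,0x06, 0x02,0x01,0x05, 0x04,0x01,0x41};
    const unsigned char bad[]  = {0x30,0x06, 0x02,0x01,0x05, 0x04,0x7f,0x41};
    printf("good: %d\n", der_sequence_count(good, sizeof good));
    printf("bad:  %d\n", der_sequence_count(bad, sizeof bad));
    return 0;
}
```
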
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 854980401ea37c7ffc74837684dda112  10.1/RPMS/gnutls-1.0.13-1.2.101mdk.i586.rpm
 a7dbf3fc153f1cd47a70562c2f35583a  10.1/RPMS/libgnutls11-1.0.13-1.2.101mdk.i586.rpm
 8f68fb4a8d295539c7067365b13e04fc  10.1/RPMS/libgnutls11-devel-1.0.13-1.2.101mdk.i586.rpm
 9df50e7e944f3ceb82428920e3bafe15  10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 3fb98a2a65b1b0b0555ddff0e61a4a7b  x86_64/10.1/RPMS/gnutls-1.0.13-1.2.101mdk.x86_64.rpm
 d5ff612ea97c5668e7848e32de9b899c  x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.2.101mdk.x86_64.rpm
 45fbf72c634244ae61d6ed480a14b299  x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.2.101mdk.x86_64.rpm
 9df50e7e944f3ceb82428920e3bafe15  x86_64/10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm

 Mandriva Linux 10.2:
 dd212f4fd56ded6d63c67e6d2f95ccec  10.2/RPMS/gnutls-1.0.23-2.2.102mdk.i586.rpm
 66cf0d26c552ed36223834a386e78bda  10.2/RPMS/libgnutls11-1.0.23-2.2.102mdk.i586.rpm
 4cfb3fdfec9bb89fc3c3f0427320f226  10.2/RPMS/libgnutls11-devel-1.0.23-2.2.102mdk.i586.rpm
 efb634eaa2e492a97d5a1c133ba203d0  10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 0660da8e12eeb87752c711815ae28772  x86_64/10.2/RPMS/gnutls-1.0.23-2.2.102mdk.x86_64.rpm
 014d51131f651270d1794b1870aed135  x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.2.102mdk.x86_64.rpm
 2835b640d5dc9a44d97f2bd6d4742898  x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.2.102mdk.x86_64.rpm
 efb634eaa2e492a97d5a1c133ba203d0  x86_64/10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 2dfb7ff638e5460a96629f12b33c12d5  2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.i586.rpm
 baacaaf99353a45d410291a3b9588c5e  2006.0/RPMS/libgnutls11-1.0.25-2.1.20060mdk.i586.rpm
 6eb83ab7dcff2dbfd0da0cff97d87e1d  2006.0/RPMS/libgnutls11-devel-1.0.25-2.1.20060mdk.i586.rpm
 0558c6186fc001fa409d5802d6b09876  2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 811e7ba9b1a8df7e7055d2719f8e8265  x86_64/2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.x86_64.rpm
 0eb960f072648f8ae1e6c2f2b204ddd1  x86_64/2006.0/RPMS/lib64gnutls11-1.0.25-2.1.20060mdk.x86_64.rpm
 6c767b46c44d485c8b62150336c73948  x86_64/2006.0/RPMS/lib64gnutls11-devel-1.0.25-2.1.20060mdk.x86_64.rpm
 0558c6186fc001fa409d5802d6b09876  x86_64/2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 