Mandriva: Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities
Posted by Benjamin D. Thomas   
Evgeny Legerov discovered cases of possible out-of-bounds access in the DER decoding schemes of libtasn1, when provided with invalid input. This library is bundled with gnutls. The provided packages have been patched to correct these issues.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:039
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : gnutls
 Date    : February 13, 2006
 Affected: 10.1, 10.2, 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Evgeny Legerov discovered cases of possible out-of-bounds access
 in the DER decoding schemes of libtasn1, when provided with invalid
 input.  This library is bundled with gnutls.
 
 The provided packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 854980401ea37c7ffc74837684dda112  10.1/RPMS/gnutls-1.0.13-1.2.101mdk.i586.rpm
 a7dbf3fc153f1cd47a70562c2f35583a  10.1/RPMS/libgnutls11-1.0.13-1.2.101mdk.i586.rpm
 8f68fb4a8d295539c7067365b13e04fc  10.1/RPMS/libgnutls11-devel-1.0.13-1.2.101mdk.i586.rpm
 9df50e7e944f3ceb82428920e3bafe15  10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 3fb98a2a65b1b0b0555ddff0e61a4a7b  x86_64/10.1/RPMS/gnutls-1.0.13-1.2.101mdk.x86_64.rpm
 d5ff612ea97c5668e7848e32de9b899c  x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.2.101mdk.x86_64.rpm
 45fbf72c634244ae61d6ed480a14b299  x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.2.101mdk.x86_64.rpm
 9df50e7e944f3ceb82428920e3bafe15  x86_64/10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm

 Mandriva Linux 10.2:
 dd212f4fd56ded6d63c67e6d2f95ccec  10.2/RPMS/gnutls-1.0.23-2.2.102mdk.i586.rpm
 66cf0d26c552ed36223834a386e78bda  10.2/RPMS/libgnutls11-1.0.23-2.2.102mdk.i586.rpm
 4cfb3fdfec9bb89fc3c3f0427320f226  10.2/RPMS/libgnutls11-devel-1.0.23-2.2.102mdk.i586.rpm
 efb634eaa2e492a97d5a1c133ba203d0  10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 0660da8e12eeb87752c711815ae28772  x86_64/10.2/RPMS/gnutls-1.0.23-2.2.102mdk.x86_64.rpm
 014d51131f651270d1794b1870aed135  x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.2.102mdk.x86_64.rpm
 2835b640d5dc9a44d97f2bd6d4742898  x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.2.102mdk.x86_64.rpm
 efb634eaa2e492a97d5a1c133ba203d0  x86_64/10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 2dfb7ff638e5460a96629f12b33c12d5  2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.i586.rpm
 baacaaf99353a45d410291a3b9588c5e  2006.0/RPMS/libgnutls11-1.0.25-2.1.20060mdk.i586.rpm
 6eb83ab7dcff2dbfd0da0cff97d87e1d  2006.0/RPMS/libgnutls11-devel-1.0.25-2.1.20060mdk.i586.rpm
 0558c6186fc001fa409d5802d6b09876  2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 811e7ba9b1a8df7e7055d2719f8e8265  x86_64/2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.x86_64.rpm
 0eb960f072648f8ae1e6c2f2b204ddd1  x86_64/2006.0/RPMS/lib64gnutls11-1.0.25-2.1.20060mdk.x86_64.rpm
 6c767b46c44d485c8b62150336c73948  x86_64/2006.0/RPMS/lib64gnutls11-devel-1.0.25-2.1.20060mdk.x86_64.rpm
 0558c6186fc001fa409d5802d6b09876  x86_64/2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
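
The Problem Description above names a class of bug, out-of-bounds access while decoding DER from invalid input, without showing code. The following C function is an added illustration of the bounds checks a DER header parser needs before it trusts a length field; it is not libtasn1's code, not the Mandriva patch, and not a reconstruction of CVE-2006-0645. The function name `der_read_header` and the sample byte arrays are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Parse one DER tag-length-value header from buf[0..buflen).
 * Returns 0 and sets *hdr_len (tag + length octets) and *val_len (content
 * octets) with hdr_len + val_len <= buflen; returns -1 on malformed input.
 * Assumption: single-octet tags only (high-tag-number form is rejected). */
int der_read_header(const unsigned char *buf, size_t buflen,
                    size_t *hdr_len, size_t *val_len)
{
    size_t pos = 0, len = 0;

    if (buflen < 2)                        /* need tag + first length octet */
        return -1;
    if ((buf[pos++] & 0x1f) == 0x1f)       /* multi-octet tag: not handled */
        return -1;
    unsigned char first = buf[pos++];
    if (first < 0x80) {                    /* short form: one length octet */
        len = first;
    } else {
        size_t n = first & 0x7f;           /* count of length octets */
        if (n == 0 || n > sizeof(size_t))  /* indefinite form, or overflow */
            return -1;
        if (n > buflen - pos)              /* length octets pass buffer end */
            return -1;
        if (buf[pos] == 0)                 /* DER: no leading zero octet */
            return -1;
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[pos++];
        if (len < 0x80)                    /* DER: short form was required */
            return -1;
    }
    if (len > buflen - pos)                /* claimed content exceeds buffer */
        return -1;
    *hdr_len = pos;
    *val_len = len;
    return 0;
}

/* Constructed sample inputs (not taken from the advisory). */
static const unsigned char ok_seq[]   = {0x30, 0x03, 0x02, 0x01, 0x05};
static const unsigned char too_long[] = {0x04, 0x82, 0x01, 0x00, 0xaa};
static const unsigned char cut_len[]  = {0x04, 0x84, 0x01};

int main(void)
{
    size_t h, v;
    printf("ok_seq=%d ", der_read_header(ok_seq, sizeof ok_seq, &h, &v));
    printf("too_long=%d ", der_read_header(too_long, sizeof too_long, &h, &v));
    printf("cut_len=%d\n", der_read_header(cut_len, sizeof cut_len, &h, &v));
    return 0;
}
```

Every comparison against the buffer is written as `x > buflen - pos` rather than `pos + x > buflen`, so an attacker-chosen length cannot wrap the addition and slip past the check.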