[Security Announce] [ MDKSA-2006:039 ] - Updated gnutls packages fix libtasn1 out-of-bounds access vulnerabilities
Posted on: 02/14/2006 08:12 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:039
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gnutls
Date : February 13, 2006
Affected: 10.1, 10.2, 2006.0
_______________________________________________________________________

Problem Description:

Evgeny Legerov discovered cases of possible out-of-bounds access
in the DER decoding schemes of libtasn1, when provided with invalid
input. This library is bundled with gnutls.

The provided packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
854980401ea37c7ffc74837684dda112 10.1/RPMS/gnutls-1.0.13-1.2.101mdk.i586.rpm
a7dbf3fc153f1cd47a70562c2f35583a 10.1/RPMS/libgnutls11-1.0.13-1.2.101mdk.i586.rpm
8f68fb4a8d295539c7067365b13e04fc 10.1/RPMS/libgnutls11-devel-1.0.13-1.2.101mdk.i586.rpm
9df50e7e944f3ceb82428920e3bafe15 10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
3fb98a2a65b1b0b0555ddff0e61a4a7b x86_64/10.1/RPMS/gnutls-1.0.13-1.2.101mdk.x86_64.rpm
d5ff612ea97c5668e7848e32de9b899c x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.2.101mdk.x86_64.rpm
45fbf72c634244ae61d6ed480a14b299 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.2.101mdk.x86_64.rpm
9df50e7e944f3ceb82428920e3bafe15 x86_64/10.1/SRPMS/gnutls-1.0.13-1.2.101mdk.src.rpm

Mandriva Linux 10.2:
dd212f4fd56ded6d63c67e6d2f95ccec 10.2/RPMS/gnutls-1.0.23-2.2.102mdk.i586.rpm
66cf0d26c552ed36223834a386e78bda 10.2/RPMS/libgnutls11-1.0.23-2.2.102mdk.i586.rpm
4cfb3fdfec9bb89fc3c3f0427320f226 10.2/RPMS/libgnutls11-devel-1.0.23-2.2.102mdk.i586.rpm
efb634eaa2e492a97d5a1c133ba203d0 10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
0660da8e12eeb87752c711815ae28772 x86_64/10.2/RPMS/gnutls-1.0.23-2.2.102mdk.x86_64.rpm
014d51131f651270d1794b1870aed135 x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.2.102mdk.x86_64.rpm
2835b640d5dc9a44d97f2bd6d4742898 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.2.102mdk.x86_64.rpm
efb634eaa2e492a97d5a1c133ba203d0 x86_64/10.2/SRPMS/gnutls-1.0.23-2.2.102mdk.src.rpm

Mandriva Linux 2006.0:
2dfb7ff638e5460a96629f12b33c12d5 2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.i586.rpm
baacaaf99353a45d410291a3b9588c5e 2006.0/RPMS/libgnutls11-1.0.25-2.1.20060mdk.i586.rpm
6eb83ab7dcff2dbfd0da0cff97d87e1d 2006.0/RPMS/libgnutls11-devel-1.0.25-2.1.20060mdk.i586.rpm
0558c6186fc001fa409d5802d6b09876 2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
811e7ba9b1a8df7e7055d2719f8e8265 x86_64/2006.0/RPMS/gnutls-1.0.25-2.1.20060mdk.x86_64.rpm
0eb960f072648f8ae1e6c2f2b204ddd1 x86_64/2006.0/RPMS/lib64gnutls11-1.0.25-2.1.20060mdk.x86_64.rpm
6c767b46c44d485c8b62150336c73948 x86_64/2006.0/RPMS/lib64gnutls11-devel-1.0.25-2.1.20060mdk.x86_64.rpm
0558c6186fc001fa409d5802d6b09876 x86_64/2006.0/SRPMS/gnutls-1.0.25-2.1.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD8S4qmqjQ0CJFipgRAj4XAJ4347J7gCsR250n5fRIxIvy2PNzCACfa2v1
Z4gWlfsU/2DdjVjs17T1SUI=
=c7Oo
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006039__updated_gnutls_packages_fix_libtasn1_out_of_bounds_access_vulnerabilities.html)