
[Security Announce] [ MDVSA-2008:227 ] gnutls


-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:227

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : gnutls

Date : November 12, 2008

Affected: 2008.0, 2008.1, 2009.0

_______________________________________________________________________

 

Problem Description:

 

Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up until

2.6.1 verified certificate chains provided by a server. A malicious

server could use this flaw to spoof its identity by tricking client

applications that used the GnuTLS library to trust invalid certificates

(CVE-2008-4989).

 

The updated packages have been patched to correct this issue.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

34153ada0d8f5e15ce0c485b11831d7b 2008.0/i586/gnutls-2.0.0-2.2mdv2008.0.i586.rpm

0b46ebe6d8e44eb4d1053e66f591d069 2008.0/i586/libgnutls13-2.0.0-2.2mdv2008.0.i586.rpm

f2b15aff240f686074760f6def6eb15f 2008.0/i586/libgnutls-devel-2.0.0-2.2mdv2008.0.i586.rpm

782fcf06fbbef4902a19f6f167468dd3 2008.0/SRPMS/gnutls-2.0.0-2.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

36d7717cbd69b8eaf3d3fb7a1a5460b2 2008.0/x86_64/gnutls-2.0.0-2.2mdv2008.0.x86_64.rpm

5de9bb9606d7376e1316530a06fcf811 2008.0/x86_64/lib64gnutls13-2.0.0-2.2mdv2008.0.x86_64.rpm

31ac4eada9cc4728961a63cd4c0b9f1b 2008.0/x86_64/lib64gnutls-devel-2.0.0-2.2mdv2008.0.x86_64.rpm

782fcf06fbbef4902a19f6f167468dd3 2008.0/SRPMS/gnutls-2.0.0-2.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

a994e8b75456e7072140ce99b3db34b3 2008.1/i586/gnutls-2.3.0-2.2mdv2008.1.i586.rpm

4a75a7074c2c3ce5ed7e227c1fb649bc 2008.1/i586/libgnutls26-2.3.0-2.2mdv2008.1.i586.rpm

663eb73655292445f569db0eaded64c4 2008.1/i586/libgnutls-devel-2.3.0-2.2mdv2008.1.i586.rpm

98cdc535fca1c579c615a78acf664b93 2008.1/SRPMS/gnutls-2.3.0-2.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

34218ff0d8daa441c641324911e28e04 2008.1/x86_64/gnutls-2.3.0-2.2mdv2008.1.x86_64.rpm

49ffee1bd312e6f96937e083ad62e43e 2008.1/x86_64/lib64gnutls26-2.3.0-2.2mdv2008.1.x86_64.rpm

fb3fc4547c83eb9c0d888af75e277c99 2008.1/x86_64/lib64gnutls-devel-2.3.0-2.2mdv2008.1.x86_64.rpm

98cdc535fca1c579c615a78acf664b93 2008.1/SRPMS/gnutls-2.3.0-2.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

d2c4bbbef7fcc9dae472469d0464ae34 2009.0/i586/gnutls-2.4.1-1.1mdv2009.0.i586.rpm

648df3147464016c51f5b912c705ba34 2009.0/i586/libgnutls26-2.4.1-1.1mdv2009.0.i586.rpm

213046d8f2a3979da2a2bf9477b8de66 2009.0/i586/libgnutls-devel-2.4.1-1.1mdv2009.0.i586.rpm

11f9b81ba4f9572c5f98d8ef95dc0448 2009.0/SRPMS/gnutls-2.4.1-1.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

eba230e9e703fec6d24218bbb343213f 2009.0/x86_64/gnutls-2.4.1-1.1mdv2009.0.x86_64.rpm

97e3ade4d719d783338f96032cff40f5 2009.0/x86_64/lib64gnutls26-2.4.1-1.1mdv2009.0.x86_64.rpm

f2cb5fa913970ede87d7ede80afe91e0 2009.0/x86_64/lib64gnutls-devel-2.4.1-1.1mdv2009.0.x86_64.rpm

11f9b81ba4f9572c5f98d8ef95dc0448 2009.0/SRPMS/gnutls-2.4.1-1.1mdv2009.0.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJG2WdmqjQ0CJFipgRAlcYAJ0d/RzfKhu55fYf46oaCyRhgp8wnACfdwka

PM1D51X/eji/nCMzlZ2qk0c=

=Arsu

-----END PGP SIGNATURE-----

 

 
