MDVSA-2009:116
- Package name: gnutls
- Date: 2009-05-18
- Advisory ID: MDVSA-2009:116
- Affected versions: 2009.0 x86_64, 2009.1 i586, 2009.0 i586, 2008.1 i586, CS4.0 i586, CS4.0 x86_64, 2008.1 x86_64, 2009.1 x86_64
Problem description
Multiple vulnerabilities have been found and corrected in gnutls:

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not
properly handle invalid DSA signatures, which allows remote attackers
to cause a denial of service (application crash) and possibly have
unspecified other impact via a malformed DSA key that triggers a (1)
free of an uninitialized pointer or (2) double free (CVE-2009-1415).

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates
RSA keys stored in DSA structures, instead of the intended DSA keys,
which might allow remote attackers to spoof signatures on certificates
or have unspecified other impact by leveraging an invalid DSA key
(CVE-2009-1416).

gnutls-cli in GnuTLS before 2.6.6 does not verify the activation
and expiration times of X.509 certificates, which allows remote
attackers to successfully present a certificate that is (1) not yet
valid or (2) no longer valid, related to lack of time checks in the
_gnutls_x509_verify_certificate function in lib/x509/verify.c in
libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup
(CVE-2009-1417).

The updated packages have been patched to prevent this.
Updated packages
2009.0 x86_64
50eb92f492ac913e11223cf407df5cd4 2009.0/x86_64/gnutls-2.4.1-2.4mdv2009.0.x86_64.rpm e365c536596584def2d8b61ab4ad63a9 2009.0/x86_64/lib64gnutls26-2.4.1-2.4mdv2009.0.x86_64.rpm 13d3880ff941cf06ea4fedeed9ed927b 2009.0/x86_64/lib64gnutls-devel-2.4.1-2.4mdv2009.0.x86_64.rpm dc2307362de50d642550c68a952e69aa 2009.0/SRPMS/gnutls-2.4.1-2.4mdv2009.0.src.rpm
2009.1 i586
bc07281e83debdbb5e652d0b84899c47 2009.1/i586/gnutls-2.6.4-1.2mdv2009.1.i586.rpm 89a97dd8d4cd8b717eacffdcf6d1fe59 2009.1/i586/libgnutls26-2.6.4-1.2mdv2009.1.i586.rpm cbaed84e3b4d9787c4c230b6fa44b7cc 2009.1/i586/libgnutls-devel-2.6.4-1.2mdv2009.1.i586.rpm 96fc806f2ac7db65af86ca7c6513d0f4 2009.1/SRPMS/gnutls-2.6.4-1.2mdv2009.1.src.rpm
2009.0 i586
c28c925bd7f0269611ac9c6dd392df28 2009.0/i586/gnutls-2.4.1-2.4mdv2009.0.i586.rpm 7a41677834cb818e4e8423fa2360e5e8 2009.0/i586/libgnutls26-2.4.1-2.4mdv2009.0.i586.rpm d47da33eac7b6477f2690c153d2e4408 2009.0/i586/libgnutls-devel-2.4.1-2.4mdv2009.0.i586.rpm dc2307362de50d642550c68a952e69aa 2009.0/SRPMS/gnutls-2.4.1-2.4mdv2009.0.src.rpm
2008.1 i586
6d7ecb7d91ba28868368b87e8053aea7 2008.1/i586/gnutls-2.3.0-2.5mdv2008.1.i586.rpm 96b8911ca78bf3e5fc613c712ff981d8 2008.1/i586/libgnutls26-2.3.0-2.5mdv2008.1.i586.rpm d6a02014de6dc2a0c15a2760e137bb51 2008.1/i586/libgnutls-devel-2.3.0-2.5mdv2008.1.i586.rpm 3fb2fe697587a4207059124a71ff44a1 2008.1/SRPMS/gnutls-2.3.0-2.5mdv2008.1.src.rpm
CS4.0 i586
72433f7e4e0952eabf5838e7de56f9cb corporate/4.0/i586/gnutls-1.0.25-2.4.20060mlcs4.i586.rpm 7a3ba08830a820772bb2ffdda5bd9304 corporate/4.0/i586/libgnutls11-1.0.25-2.4.20060mlcs4.i586.rpm cb04b2511750d20901be98da67a287c9 corporate/4.0/i586/libgnutls11-devel-1.0.25-2.4.20060mlcs4.i586.rpm 2c5ddb3d77debdb4eb619896d264ef36 corporate/4.0/SRPMS/gnutls-1.0.25-2.4.20060mlcs4.src.rpm
CS4.0 x86_64
84d3e0ac9c3b992b4d7dadd3f4a83f4f corporate/4.0/x86_64/gnutls-1.0.25-2.4.20060mlcs4.x86_64.rpm 4e97802d216f69842e6a373aa5d83aeb corporate/4.0/x86_64/lib64gnutls11-1.0.25-2.4.20060mlcs4.x86_64.rpm 8af535b1023b577afbe122344fad21be corporate/4.0/x86_64/lib64gnutls11-devel-1.0.25-2.4.20060mlcs4.x86_64.rpm 2c5ddb3d77debdb4eb619896d264ef36 corporate/4.0/SRPMS/gnutls-1.0.25-2.4.20060mlcs4.src.rpm
2008.1 x86_64
b2a99ca654a7c67bfdc77c8c13d748d9 2008.1/x86_64/gnutls-2.3.0-2.5mdv2008.1.x86_64.rpm ecd43a69e956d43346c45450c7fc9051 2008.1/x86_64/lib64gnutls26-2.3.0-2.5mdv2008.1.x86_64.rpm 4347df4cc5403f6a427d9cd1e52080ea 2008.1/x86_64/lib64gnutls-devel-2.3.0-2.5mdv2008.1.x86_64.rpm 3fb2fe697587a4207059124a71ff44a1 2008.1/SRPMS/gnutls-2.3.0-2.5mdv2008.1.src.rpm
2009.1 x86_64
c785b4b48f78089add92553b67ecf7a5 2009.1/x86_64/gnutls-2.6.4-1.2mdv2009.1.x86_64.rpm 5c68d534e8741114dfbb9ddd937badf7 2009.1/x86_64/lib64gnutls26-2.6.4-1.2mdv2009.1.x86_64.rpm d21fab6a3225a1333b757707bbfa7be9 2009.1/x86_64/lib64gnutls-devel-2.6.4-1.2mdv2009.1.x86_64.rpm 96fc806f2ac7db65af86ca7c6513d0f4 2009.1/SRPMS/gnutls-2.6.4-1.2mdv2009.1.src.rpm
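
To check a fleet against the fixed builds listed above, the following added example (not part of the original advisory) compares installed gnutls builds with the advisory's package versions. The version comparison is a simplified form of RPM's ordering, and the function names, host names and inventory are constructed for illustration.

```python
import re

# Fixed builds taken from the "Updated packages" list of this advisory,
# keyed by Mandriva release: (version, release) of the gnutls package.
FIXED = {
    "2008.1": ("2.3.0", "2.5mdv2008.1"),
    "2009.0": ("2.4.1", "2.4mdv2009.0"),
    "2009.1": ("2.6.4", "1.2mdv2009.1"),
    "CS4.0": ("1.0.25", "2.4.20060mlcs4"),
}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1 (no epoch, '~' or '^' handling)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(distro, version, release):
    """True when the installed gnutls build is at or above the advisory's fixed build."""
    fixed_ver, fixed_rel = FIXED[distro]
    c = rpmvercmp(version, fixed_ver)
    if c == 0:
        c = rpmvercmp(release, fixed_rel)
    return c >= 0

def audit(inventory):
    """inventory: iterable of (host, distro, version, release); returns unpatched hosts."""
    return [h for h, d, v, r in inventory if not is_patched(d, v, r)]

# Constructed inventory, e.g. collected per host with:
#   rpm -q --qf '%{VERSION} %{RELEASE}\n' gnutls
SAMPLE = [
    ("mail01", "2009.0", "2.4.1", "2.3mdv2009.0"),    # one release behind the fix
    ("ldap01", "2009.1", "2.6.4", "1.2mdv2009.1"),    # exactly the fixed build
    ("web01", "2008.1", "2.3.0", "2mdv2008.1"),       # older release
    ("corp01", "CS4.0", "1.0.25", "2.4.20060mlcs4"),  # exactly the fixed build
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```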
