80 lines
2.5 KiB
XML
80 lines
2.5 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
<glsa id="200505-04">
|
|
<title>GnuTLS: Denial of Service vulnerability</title>
|
|
<synopsis>
|
|
The GnuTLS library is vulnerable to Denial of Service attacks.
|
|
</synopsis>
|
|
<product type="ebuild">GnuTLS</product>
|
|
<announced>2005-05-09</announced>
|
|
<revised count="01">2005-05-09</revised>
|
|
<bug>90726</bug>
|
|
<access>remote</access>
|
|
<affected>
|
|
<package name="net-libs/gnutls" auto="yes" arch="*">
|
|
<unaffected range="ge">1.2.3</unaffected>
|
|
<unaffected range="rge">1.0.25</unaffected>
|
|
<vulnerable range="lt">1.2.3</vulnerable>
|
|
</package>
|
|
</affected>
|
|
<background>
|
|
<p>
|
|
GnuTLS is a free TLS 1.0 and SSL 3.0 implementation for the GNU
|
|
project.
|
|
</p>
|
|
</background>
|
|
<description>
|
|
<p>
|
|
A vulnerability has been discovered in the record packet parsing
|
|
in the GnuTLS library. Additionally, a flaw was also found in the RSA
|
|
key export functionality.
|
|
</p>
|
|
</description>
|
|
<impact type="normal">
|
|
<p>
|
|
A remote attacker could exploit this vulnerability and cause a
|
|
Denial of Service to any application that utilizes the GnuTLS library.
|
|
</p>
|
|
</impact>
|
|
<workaround>
|
|
<p>
|
|
There is no known workaround at this time.
|
|
</p>
|
|
</workaround>
|
|
<resolution>
|
|
<p>
|
|
All GnuTLS users should remove the existing installation and
|
|
upgrade to the latest version:
|
|
</p>
|
|
<code>
|
|
# emerge --sync
|
|
# emerge --unmerge gnutls
|
|
# emerge --ask --oneshot --verbose net-libs/gnutls</code>
|
|
<p>
|
|
Due to small API changes with the previous version, please do
|
|
the following to ensure your applications are using the latest GnuTLS
|
|
that you just emerged.
|
|
</p>
|
|
<code>
|
|
# revdep-rebuild --soname-regexp libgnutls.so.1[0-1]</code>
|
|
<p>
|
|
Previously exported RSA keys can be fixed by executing the
|
|
following command on the key files:
|
|
</p>
|
|
<code>
|
|
# certtool -k infile outfile</code>
|
|
</resolution>
|
|
<references>
|
|
<uri link="http://lists.gnupg.org/pipermail/gnutls-dev/2005-April/000858.html">GnuTLS Announcement</uri>
|
|
<uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1431">CAN-2005-1431</uri>
|
|
</references>
|
|
<metadata tag="requester" timestamp="2005-04-29T18:20:03Z">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="bugReady" timestamp="2005-04-30T14:44:07Z">
|
|
koon
|
|
</metadata>
|
|
<metadata tag="submitter" timestamp="2005-04-30T16:35:11Z">
|
|
lewk
|
|
</metadata>
|
|
</glsa>
|