Scientific Linux Forum.org




> Crypto bug vulnerability
U308
 Posted: Mar 5 2014, 04:57 PM









+X^N
 Posted: Mar 5 2014, 09:12 PM









U308,
looks like T.U.V. has a fix, as well as S.L. for v. 5 & v. 6 32 bit + 64 bit ...
Here is v. 5 notice on the errata mail-list http://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=76
Security ERRATA Important: gnutls on SL5.x i386/x86_64
QUOTE
From:        Pat Riehecky <[log in to unmask]>
Subject:      Security ERRATA Important: gnutls on SL5.x i386/x86_64

Synopsis:          Important: gnutls security update
Advisory ID:      SLSA-2014:0247-1
Issue Date:        2014-03-03
CVE Numbers:      CVE-2014-0092 CVE-2009-5138
--
It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way GnuTLS handled version 1 X.509 certificates.
An attacker able to obtain a version 1 certificate from a trusted
certificate authority could use this flaw to issue certificates for other
sites that would be accepted by GnuTLS as valid. (CVE-2009-5138)

For the update to take effect, all applications linked to the GnuTLS
library must be restarted.
--

SL5
  x86_64
    gnutls-1.4.1-14.el5_10.i386.rpm
    gnutls-1.4.1-14.el5_10.x86_64.rpm
    gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
    gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm
    gnutls-utils-1.4.1-14.el5_10.x86_64.rpm
    gnutls-devel-1.4.1-14.el5_10.i386.rpm
    gnutls-devel-1.4.1-14.el5_10.x86_64.rpm
  i386
    gnutls-1.4.1-14.el5_10.i386.rpm
    gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
    gnutls-utils-1.4.1-14.el5_10.i386.rpm
    gnutls-devel-1.4.1-14.el5_10.i386.rpm

- Scientific Linux Development Team

Here is v.6 notice on the errata mail-list http://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=199
Security ERRATA Important: gnutls on SL6.x i386/x86_64
QUOTE
From:        Pat Riehecky <[log in to unmask]>
Subject:      Security ERRATA Important: gnutls on SL6.x i386/x86_64
Synopsis:          Important: gnutls security update
Advisory ID:      SLSA-2014:0246-1
Issue Date:        2014-03-03
CVE Numbers:      CVE-2014-0092
--
It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

For the update to take effect, all applications linked to the GnuTLS
library must be restarted.
--

SL6
  x86_64
    gnutls-2.8.5-13.el6_5.i686.rpm
    gnutls-2.8.5-13.el6_5.x86_64.rpm
    gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
    gnutls-debuginfo-2.8.5-13.el6_5.x86_64.rpm
    gnutls-utils-2.8.5-13.el6_5.x86_64.rpm
    gnutls-devel-2.8.5-13.el6_5.i686.rpm
    gnutls-devel-2.8.5-13.el6_5.x86_64.rpm
    gnutls-guile-2.8.5-13.el6_5.i686.rpm
    gnutls-guile-2.8.5-13.el6_5.x86_64.rpm
  i386
    gnutls-2.8.5-13.el6_5.i686.rpm
    gnutls-debuginfo-2.8.5-13.el6_5.i686.rpm
    gnutls-utils-2.8.5-13.el6_5.i686.rpm
    gnutls-devel-2.8.5-13.el6_5.i686.rpm
    gnutls-guile-2.8.5-13.el6_5.i686.rpm

- Scientific Linux Development Team

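Both errata quoted above end by noting that applications linked to the GnuTLS library must be restarted for the update to take effect. The check below is an added example, not part of the forum posts or the Scientific Linux advisories: it lists processes that still map the replaced library, which the kernel marks "(deleted)" in /proc/<pid>/maps once the RPM has unlinked the old file. The function name `stale_gnutls_pids` and its optional directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: find processes still running with a pre-update libgnutls.
# After the package update the old library inode is unlinked, so any process
# that loaded it earlier shows the mapping with a "(deleted)" suffix until it
# is restarted.

# stale_gnutls_pids [PROC_ROOT]
# Prints one "pid<TAB>name<TAB>library path" line per affected process.
# PROC_ROOT defaults to /proc; the argument is hypothetical and exists only so
# the function can be run against a constructed directory tree.
stale_gnutls_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # unmatched glob or vanished process
        dir=${maps%/maps}
        pid=${dir##*/}
        # Field 6 of a maps line is the backing file; report the first match.
        lib=$(awk '/libgnutls[^ ]*\.so[^ ]* \(deleted\)$/ { print $6; exit }' \
              "$maps" 2>/dev/null) || continue
        [ -n "$lib" ] || continue
        # /proc/<pid>/status carries the process name on its "Name:" line.
        name=$(awk '/^Name:/ { print $2; exit }' "$dir/status" 2>/dev/null) || name=
        printf '%s\t%s\t%s\n' "$pid" "${name:-?}" "$lib"
    done
}

# Scan the live system when run as a script.
stale_gnutls_pids "$@"
```

Run it as root so every process's maps file is readable; an empty result means no running process still maps the replaced library.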
U308
 Posted: Mar 6 2014, 06:36 AM









QUOTE (+X^N @ Mar 5 2014, 11:12 PM)
U308,
looks like T.U.V. has a fix, as well as S.L. for v. 5 & v. 6 32 bit + 64 bit ...

OK, Thanks +X^N.
My confusion was due to the updated package being referred to as Version 3.2.12, whereas I have the 2.8x one mentioned in your reply for 64 bit systems.