Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> Mandriva Security Update Fixes GnuTLS Denial of Service Issue

Title : Mandriva Security Update Fixes GnuTLS Denial of Service Issue
VUPEN ID : VUPEN/ADV-2005-0535
CVE ID : CVE-2005-1431
CWE ID : CWE-
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-05-13

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format 

Mandriva has released a security patch to correct a vulnerability identified in GnuTLS. This flaw resides in the record packet parsing and the RSA key export functionalities of GnuTLS, which may be exploited by remote attackers to cause a denial of service (DoS) to any application that utilizes the GnuTLS library.

Affected Products

Mandrakelinux 10.1
Mandrakelinux 10.2

Solution

Use MandrakeUpdate or apply the patches :
Mandrakelinux 10.1:
3901ab03e31589ff09a17703c64834a7 10.1/RPMS/gnutls-1.0.13-1.1.101mdk.i586.rpm
9330b4d1e79efe3aba750ce9a5a17853 10.1/RPMS/libgnutls11-1.0.13-1.1.101mdk.i586.rpm
82bf186492340e2b873639b4e7c56346 10.1/RPMS/libgnutls11-devel-1.0.13-1.1.101mdk.i586.rpm
b0f68343453fb1c092b495e2d278af16 10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
7249cbf6e89c219cacce161ef912b722 x86_64/10.1/RPMS/gnutls-1.0.13-1.1.101mdk.x86_64.rpm
2aaf5157c4639258204a8239456a1dcc x86_64/10.1/RPMS/lib64gnutls11-1.0.13-1.1.101mdk.x86_64.rpm
4f2d1bc7f1ef8dfde81e1e471531d8a7 x86_64/10.1/RPMS/lib64gnutls11-devel-1.0.13-1.1.101mdk.x86_64.rpm
b0f68343453fb1c092b495e2d278af16 x86_64/10.1/SRPMS/gnutls-1.0.13-1.1.101mdk.src.rpm
Mandrakelinux 10.2:
e806886f50d1143d859a58deca01be12 10.2/RPMS/gnutls-1.0.23-2.1.102mdk.i586.rpm
7be1c94df46ca3c351ec02ea577e9684 10.2/RPMS/libgnutls11-1.0.23-2.1.102mdk.i586.rpm
53f40a8e37fc739408ab555aebb8731b 10.2/RPMS/libgnutls11-devel-1.0.23-2.1.102mdk.i586.rpm
7ccd73cf5cd83af889657a95a6b499ae 10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
e09497fcb976f203ab4ab79a969fbfc2 x86_64/10.2/RPMS/gnutls-1.0.23-2.1.102mdk.x86_64.rpm
d2ff2b32ee329ceaa4da394119b67f8d x86_64/10.2/RPMS/lib64gnutls11-1.0.23-2.1.102mdk.x86_64.rpm
4c7b5da9adf83eab8bc4305ac7484b07 x86_64/10.2/RPMS/lib64gnutls11-devel-1.0.23-2.1.102mdk.x86_64.rpm
7ccd73cf5cd83af889657a95a6b499ae x86_64/10.2/SRPMS/gnutls-1.0.23-2.1.102mdk.src.rpm

References

http://www.vupen.com/english/advisories/2005/0535
http://archives.mandrivalinux.com/security-announce/2005-05/msg00005.php

ChangeLog

2005-05-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-07-06

     

  Microsoft Windows 0-Day
  Flaw Exploited in the Wild


  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy