[Bluewhite64 Linux Security] gnutls [BW64SA:200905011-01]
Hash: SHA1
[Bluewhite64 Linux Security] gnutls [BW64SA:200905011-01]
New gnutls packages are available for Bluewhite64 Linux 12.0, 12.1, 12.2,
and -current to fix security issues.
More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/gnutls-2.6.2-x86_64-2.tgz
Patched the following security issues:
- Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil
- Noticed when investigating the previous GNUTLS-SA-2009-1 problem.
All DSA keys generated using GnuTLS 2.6.x are corrupt.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1416
[*** Security fix ***]
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/gnutls-2.6.2-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/gnutls-2.6.2-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/gnutls-2.6.2-x86_64-2.tgz
For Bluewhite64 Linux -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/gnutls-2.6.6-x86_64-1.txz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 12.0 package:
edec8652ac9d5058e3651d83561e2da1 gnutls-2.6.2-x86_64-1.tgz
Bluewhite64 12.1 package:
434141f72e16dc3dbb88a3316f22463b gnutls-2.6.2-x86_64-1.tgz
Bluewhite64 12.2 package:
cdf3a1007855c10faf4f094aa4dcfd25 gnutls-2.6.2-x86_64-2.tgz
Bluewhite64 -current package:
39a05fcf27357b53137c0dff96a391eb gnutls-2.6.6-x86_64-1.txz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg gnutls-2.6.2-x86_64-2.tgz
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list:
Send a blank email to
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkoIdNYACgkQpTOsxuDdlY5T7gCfUC/T3chPcpjh8KqJlLm3Z6fq
gCEAnRCYs5wk/L8ShSL2WyvuXuVPj5pf
=5YwT
-----END PGP SIGNATURE-----