Bug 181014 - CVE-2006-0645 GnuTLS x509 DER DoS
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: gnutls
Version: fc3
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Fedora Legacy Bugs
Whiteboard: impact=important, LEGACY, 3
Keywords: Security
Reported: 2006-02-11 13:17 EST by Marc Deslauriers
Modified: 2007-04-18 13:37 EDT

Doc Type: Bug Fix
Last Closed: 2006-02-27 19:52:23 EST

Description Marc Deslauriers 2006-02-11 13:17:47 EST
+++ This bug was initially created as a clone of Bug #180903 +++

Reported at http://lists.gnupg.org/pipermail/gnutls-dev/2006-February/001058.html

"this release fixes several serious bugs that would make the DER
decoder in libtasn1 crash on invalid input."

GNU TLS includes Libtasn1, a library developed for ASN.1 structures management
which includes DER encoding and decoding.  Several flaws were found in the way
libtasn1 decodes DER.  An attacker could create a carefully crafted invalid
X.509 certificate in such a way that could trigger this flaw if parsed by an
application linked to GNU TLS.  This could lead to a denial of service
(application crash).  It is not yet known if this issue could be escalated to
allow arbitrary code execution.

In Red Hat Enterprise Linux 4, only Evolution makes use of this functionality.

-- Additional comment from stransky@redhat.com on 2006-02-10 12:08 EST --
Created an attachment (id=124516)
proposed patch


-- Additional comment from bressers@redhat.com on 2006-02-10 12:38 EST --
Created an attachment (id=124519)
Testcase


-- Additional comment from bugzilla@redhat.com on 2006-02-10 16:38 EST --

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2006-0207.html
Comment 1 Marc Deslauriers 2006-02-11 13:40:49 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here are updated gnutls packages to QA:

Changelog:
* Sat Feb 11 2006 Marc Deslauriers <marcdeslauriers@videotron.ca>
1.0.20-3.1.2.legacy
- - Added patch for GnuTLS x509 DER DoS - CVE-2006-0645

4c4bbeab821c1fc73e675a186649c2a9c591f7ed  gnutls-1.0.20-3.1.2.legacy.i386.rpm
4582b8f361795ee6210b123e702c08c7151795a1  gnutls-1.0.20-3.1.2.legacy.src.rpm
545095bccb975f7099493c935defb472a9275d27  gnutls-devel-1.0.20-3.1.2.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/3/gnutls-1.0.20-3.1.2.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD7jFrLMAs/0C4zNoRAp81AJ97gVvDSBkgIgSbmTYaE0Lc5+T6jwCfaQDw
+tVYi+smnPLsrwkLbO8h27s=
=LVjK
-----END PGP SIGNATURE-----
Comment 2 Pekka Savola 2006-02-12 14:39:22 EST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA w/ rpm-build-compare.sh:
 - source integrity good
 - spec file changes minimal
 - patch identical to RHEL4

+PUBLISH FC3

4582b8f361795ee6210b123e702c08c7151795a1  gnutls-1.0.20-3.1.2.legacy.src.rpm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFD74+AGHbTkzxSL7QRArqFAJ9NOK0eXAbscQ79nbNnffhuOlEA9gCgwbnA
g2B8buuS+ZY6BYuhtxGSPPA=
=RWbi
-----END PGP SIGNATURE-----
Comment 3 Marc Deslauriers 2006-02-12 19:36:59 EST
Packages were pushed to updates-testing.
Comment 4 Pekka Savola 2006-02-14 01:27:46 EST
New policy: automatic accept after two weeks if no negative feedback.
Comment 5 Pekka Savola 2006-02-27 01:42:29 EST
Timeout over.
Comment 6 Marc Deslauriers 2006-02-27 19:52:23 EST
Packages were released.
