Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories, February 10, 2006

Feb 11, 2006, 05:00 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 967-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
February 10th, 2006 http://www.debian.org/security/faq


Package : elog
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE IDs : CVE-2006-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597 CVE-2006-0598 CVE-2006-0599 CVE-2006-0600
Debian Bug : 349528

Several security problems have been found in elog, an electonic logbook to manage notes. The Common Vulnerabilities and Exposures Project identifies the following problems:

CVE-2005-4439

"GroundZero Security" discovered that elog insufficiently checks the size of a buffer used for processing URL parameters, which might lead to the execution of arbitrary code.

CVE-2006-0347

It was discovered that elog contains a directory traveral vulnerability in the processing of "../" sequences in URLs, which might lead to information disclosure.

CVE-2006-0348

The code to write the log file contained a format string vulnerability, which might lead to the execution of arbitrary code.

CVE-2006-0597

Overly long revision attributes might trigger a crash due to a buffer overflow.

CVE-2006-0598

The code to write the log file does not enforce bounds checks properly, which might lead to the execution of arbitrary code.

CVE-2006-0599

elog emitted different errors messages for invalid passwords and invalid users, which allows an attacker to probe for valid user names.

CVE-2006-0600

An attacker could be driven into infinite redirection with a crafted "fail" request, which has denial of service potential.

The old stable distribution (woody) does not contain elog packages.

For the stable distribution (sarge) these problems have been fixed in version 2.5.7+r1558-4+sarge2.

For the unstable distribution (sid) these problems have been fixed in version 2.6.1+r1642-1.

We recommend that you upgrade your elog package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2.dsc
      Size/MD5 checksum: 581 ed02ecef4eb70c7344532b1a75f893bc
    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2.diff.gz
      Size/MD5 checksum: 21652 ab45bff97bf2e7c42cd5ccca5a80103e
    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.tar.gz
      Size/MD5 checksum: 538216 e05c9fdaa02692ce20c70a5fd2748fe3

Alpha architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_alpha.deb
      Size/MD5 checksum: 555270 5cb3aba4fc1303a65984aab4acaf32da

AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_amd64.deb
      Size/MD5 checksum: 511706 5e41b71ee6f3a42d5e7ac033b436c059

ARM architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_arm.deb
      Size/MD5 checksum: 516094 95f2c045af860501a8e8bad54d0f6958

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_i386.deb
      Size/MD5 checksum: 513918 0dfe3628e07c5cea6f2609683104dbab

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_ia64.deb
      Size/MD5 checksum: 597254 7f83bb7006849edf56411255e0b55e5f

HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_hppa.deb
      Size/MD5 checksum: 543576 a09646d99c692e210164fb4a7f58c05a

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_m68k.deb
      Size/MD5 checksum: 482016 b92bbd85b3d1041cbf403070e4aa43c7

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_mips.deb
      Size/MD5 checksum: 521234 33f7d96179fa0b4bd7cd314a33c54e31

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_mipsel.deb
      Size/MD5 checksum: 524336 b30ef21a7a9a958839569cf548fffebb

PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_powerpc.deb
      Size/MD5 checksum: 523540 823e5cb99e854a5ba0264259d7116deb

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_s390.deb
      Size/MD5 checksum: 514274 01f3ebd90422c9d94c109f60921c2634

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_sparc.deb
      Size/MD5 checksum: 518960 661427182cad6ca5a08663ffa505e4ef

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2006-103
2006-02-10

Product : Fedora Core 4
Name : poppler
Version : 0.4.5
Release : 1.1
Summary : PDF rendering library

Description :
Poppler, a PDF rendering library, it's a fork of the xpdf PDF viewer developed by Derek Noonburg of Glyph and Cog, LLC.


Update Information:

Heap-based buffer overflow in Splash.cc in poppler, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.


  • Thu Feb 9 2006 Kristian Högsberg <krh@redhat.com> 0.4.5-1.1
    • Security release: CVE-2006-0301.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

a6389ee0a029cd9d00554e895379b58141be1e9d SRPMS/poppler-0.4.5-1.1.src.rpm
55b7d8faeda8942de95da47256dd63324826ab0d ppc/poppler-0.4.5-1.1.ppc.rpm
4e2cf64d7b1cf1f6dcd2f4d4dec6abfe37032cbf ppc/poppler-devel-0.4.5-1.1.ppc.rpm
b04be63e76106bb65bb7e9e1a99c74a8e973514d ppc/debug/poppler-debuginfo-0.4.5-1.1.ppc.rpm
249b969c8751b1a53722e8264d2f3fc8fc5e9979 x86_64/poppler-0.4.5-1.1.x86_64.rpm
f5e61e706c434ad24bd6cece6affa754361d80cd x86_64/poppler-devel-0.4.5-1.1.x86_64.rpm
cfb05d07796ee23f56ed3aa19111f875d54e4b7f x86_64/debug/poppler-debuginfo-0.4.5-1.1.x86_64.rpm
8dc27611a2cde6baeb0d6212a88e7ad6d8035808 i386/poppler-0.4.5-1.1.i386.rpm
73f916b518fa1e32a1ecba95cf9cc36a6e2bc49a i386/poppler-devel-0.4.5-1.1.i386.rpm
7026c75efdce668f7e35bc2332f5d516496aef1f i386/debug/poppler-debuginfo-0.4.5-1.1.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2006-104
2006-02-10

Product : Fedora Core 4
Name : xpdf
Version : 3.01
Release : 0.FC4.8
Summary : A PDF file viewer for the X Window System.

Description :
Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. Xpdf is a small and efficient program which uses standard X fonts.


Update Information:

xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

Users impacted by these issues, should update to this new package release.


  • Tue Feb 7 2006 Than Ngo <than@redhat.com> 1:3.01-0.FC4.8
    • apply official patch to fix buffer overflow issue in the xpdf codebase when handling splash images CVE-2006-0301 (#179047).
  • Fri Jan 27 2006 Than Ngo <than@redhat.com> 1:3.01-0.FC4.7
    • apply patch to fix buffer overflow issue in the xpdf codebase when handling splash images CVE-2006-0301 (#179047).

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

aea6ed92fb72a3f6674e77f6d973d6227a174385 SRPMS/xpdf-3.01-0.FC4.8.src.rpm
39f47f83421e36ff6b5ab0713ca792555eaac2d3 ppc/xpdf-3.01-0.FC4.8.ppc.rpm
9b557fbbd3a8ae434c2f0ad244fa1bcf7dabe6fa ppc/debug/xpdf-debuginfo-3.01-0.FC4.8.ppc.rpm
565e4e6eefaad8c740db501fbe87424c21cb32ea x86_64/xpdf-3.01-0.FC4.8.x86_64.rpm
91fd44a731cd12ff96e76b34381c047465af3983 x86_64/debug/xpdf-debuginfo-3.01-0.FC4.8.x86_64.rpm
4d4190ad7743c84acc0ad2070ae6ece97dab7232 i386/xpdf-3.01-0.FC4.8.i386.rpm
6e39fde98f929e680ee931cc5146a23d6e7e9c67 i386/debug/xpdf-debuginfo-3.01-0.FC4.8.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.


Fedora Update Notification
FEDORA-2006-105
2006-02-10

Product : Fedora Core 4
Name : kdegraphics
Version : 3.5.1
Release : 0.2.fc4
Summary : K Desktop Environment - Graphics Applications

Description :
Graphics applications for the K Desktop Environment.

Includes:
kdvi (displays TeX .dvi files)
kfax (displays faxfiles)
kghostview (displays postscript files)
kcoloredit (palette editor and color chooser)
kamera (digital camera support)
kiconedit (icon editor)
kpaint (a simple drawing program)
ksnapshot (screen capture utility)
kview (image viewer for GIF, JPEG, TIFF, etc.)
kuickshow (quick picture viewer)
kooka (scanner application)
kruler (screen ruler and color measurement tool)


Update Information:

kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a heap based buffer overflow in the splash rasterizer engine that can crash kpdf or even execute arbitrary code.

Users impacted by these issues, should update to this new package release.


  • Tue Feb 7 2006 Than Ngo <than@redhat.com> 7:3.5.1-0.2.fc4
    • apply patch to fix buffer overflow in kpdf, CVE-2006-0301 (#179056)

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

4ed4ed8ca7762a7140b4aea37862078bc3758988 SRPMS/kdegraphics-3.5.1-0.2.fc4.src.rpm
3a9a3b3777eff2ac02ff21ba78151d25c3395a9d ppc/kdegraphics-3.5.1-0.2.fc4.ppc.rpm
9c25998f60be8531e2e1a4366611501d2adee26e ppc/kdegraphics-devel-3.5.1-0.2.fc4.ppc.rpm
296f883442cba8315c5b23799d3488ffaa843c89 ppc/debug/kdegraphics-debuginfo-3.5.1-0.2.fc4.ppc.rpm
03990a0a90d0bc769494759727b2e76f20cde814 x86_64/kdegraphics-3.5.1-0.2.fc4.x86_64.rpm
2ab08e61a5137f1833f8ca815a5dc025aba38ae6 x86_64/kdegraphics-devel-3.5.1-0.2.fc4.x86_64.rpm
9c539d49ecc4be772816d8c3989951736d7454a3 x86_64/debug/kdegraphics-debuginfo-3.5.1-0.2.fc4.x86_64.rpm
a99acaa35091e76a25a51acad2e7fe0a3719720d i386/kdegraphics-3.5.1-0.2.fc4.i386.rpm
ce4cc146300daa51cb37089de8aefbd407a7a102 i386/kdegraphics-devel-3.5.1-0.2.fc4.i386.rpm
5b918d77c186fa41958dc5ac503e2367afe23c58 i386/debug/kdegraphics-debuginfo-3.5.1-0.2.fc4.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

Mandriva Linux


Mandriva Linux Advisory MDKA-2006:018
http://www.mandriva.com/security/


Package : ghostscript
Date : February 10, 2006
Affected: 2006.0


Problem Description:

A number of bugs have been corrected with this latest ghostscript package including a fix when rendering imaged when converting PostScript to PDF with ps2pdf, a crash when generating PDF files with the pdfwrite device, several segfaults, a fix for vertical japanese text, and a number of other fixes.


Updated Packages:

Mandriva Linux 2006.0:
2001ad8bdee14e5e24a634d59201e94d 2006.0/RPMS/ghostscript-8.15-24.3.20060mdk.i586.rpm
99e0ea14ab002ea7e331c654044cdee6 2006.0/RPMS/ghostscript-dvipdf-8.15-24.3.20060mdk.i586.rpm
4905fa82c2c49b1ee9fc1d35f0fa7643 2006.0/RPMS/ghostscript-module-X-8.15-24.3.20060mdk.i586.rpm
ddc0823e3630439f28681a98cc72b557 2006.0/RPMS/libijs1-0.35-24.3.20060mdk.i586.rpm
218eff5a5ff0b9c6fa2ac16c88fe90be 2006.0/RPMS/libijs1-devel-0.35-24.3.20060mdk.i586.rpm
accf3a6ccc55f2d0dc8690794a812bfa 2006.0/SRPMS/ghostscript-8.15-24.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
c7922f2bb7db5fdf00c8f9e10fc71eef x86_64/2006.0/RPMS/ghostscript-8.15-24.3.20060mdk.x86_64.rpm
8c50eab847f8997d3ef27007c4416e17 x86_64/2006.0/RPMS/ghostscript-dvipdf-8.15-24.3.20060mdk.x86_64.rpm
6d1b49a2a43a88901509071dac871a15 x86_64/2006.0/RPMS/ghostscript-module-X-8.15-24.3.20060mdk.x86_64.rpm
0d74dbe167ff753deecfa22f2b9bd6a5 x86_64/2006.0/RPMS/lib64ijs1-0.35-24.3.20060mdk.x86_64.rpm
094bd2c4f5ab5e821722d79f335e4d5d x86_64/2006.0/RPMS/lib64ijs1-devel-0.35-24.3.20060mdk.x86_64.rpm
accf3a6ccc55f2d0dc8690794a812bfa x86_64/2006.0/SRPMS/ghostscript-8.15-24.3.20060mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Red Hat Linux


Red Hat Security Advisory

Synopsis: Important: gnutls security update
Advisory ID: RHSA-2006:0207-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0207.html
Issue date: 2006-02-10
Updated on: 2006-02-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0645


1. Summary:

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GNU TLS includes Libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER. An attacker could create a carefully crafted invalid X.509 certificate in such a way that could trigger this flaw if parsed by an application that uses GNU TLS. This could lead to a denial of service (application crash). It is not certain if this issue could be escalated to allow arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0645 to this issue.

In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the Evolution client when connecting to an Exchange server or when publishing calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a backported patch from the GNU TLS maintainers to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

180903 - CVE-2006-0645 GnuTLS x509 DER DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb gnutls-devel-1.0.20-3.2.2.i386.rpm

ia64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
2448a7e4fd671cced661887bcd4173aa gnutls-1.0.20-3.2.2.ia64.rpm
c8bfadde8d6b1697e99fcf6e900f3053 gnutls-devel-1.0.20-3.2.2.ia64.rpm

ppc:
f48a6f32beed6eca2951a09049d4c829 gnutls-1.0.20-3.2.2.ppc.rpm
573c67f099524b55dc3e804881c6e16f gnutls-1.0.20-3.2.2.ppc64.rpm
4dc01d3e6597d5a0cb40fd882f3eb6ec gnutls-devel-1.0.20-3.2.2.ppc.rpm

s390:
2373e3a694eb53384a94a5502cf3dc37 gnutls-1.0.20-3.2.2.s390.rpm
1ae014903f30f6c23ad89a52a050db92 gnutls-devel-1.0.20-3.2.2.s390.rpm

s390x:
2373e3a694eb53384a94a5502cf3dc37 gnutls-1.0.20-3.2.2.s390.rpm
c6966e61cc3896354493d875d3c950b9 gnutls-1.0.20-3.2.2.s390x.rpm
521d0c697d9f1f35f2564475a20ca809 gnutls-devel-1.0.20-3.2.2.s390x.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d gnutls-devel-1.0.20-3.2.2.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb gnutls-devel-1.0.20-3.2.2.i386.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d gnutls-devel-1.0.20-3.2.2.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb gnutls-devel-1.0.20-3.2.2.i386.rpm

ia64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
2448a7e4fd671cced661887bcd4173aa gnutls-1.0.20-3.2.2.ia64.rpm
c8bfadde8d6b1697e99fcf6e900f3053 gnutls-devel-1.0.20-3.2.2.ia64.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d gnutls-devel-1.0.20-3.2.2.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gnutls-1.0.20-3.2.2.src.rpm
e3d0e0b8feeb7ddd63d58add0af060fe gnutls-1.0.20-3.2.2.src.rpm

i386:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
bbd51e80f02d982d739a7e2b68a11bfb gnutls-devel-1.0.20-3.2.2.i386.rpm

ia64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
2448a7e4fd671cced661887bcd4173aa gnutls-1.0.20-3.2.2.ia64.rpm
c8bfadde8d6b1697e99fcf6e900f3053 gnutls-devel-1.0.20-3.2.2.ia64.rpm

x86_64:
570aa2e7bcf5dc43955fd0325e9b4a18 gnutls-1.0.20-3.2.2.i386.rpm
1aa362a034c36522e39b124fdc7230db gnutls-1.0.20-3.2.2.x86_64.rpm
f5a8555652f54655f8eb42149f3b1a1d gnutls-devel-1.0.20-3.2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0645

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.