Fedora 10: 2009-0419 Critical: TrustedQSL Signature Issue Fix
fedora
January 14, 2009
The TrustedQSL library incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as...
Summary
The TrustedQSL library is used for generating digitally signed
QSO records (records of Amateur Radio contacts). This package
contains the library and configuration files needed to run
TrustedQSL applications.
The TrustedQSL library incorrectly checked the result after calling the
EVP_VerifyFinal function, allowing a malformed signature to be treated as a good
signature rather than as an error. Package includes a patch to fix
EVP_VerifyFinal result check.
* Mon Jan 12 2009 Lucian Langa
- modify patch0 to include fix for #479650 (CVE-2008-5077 related)
[ 1 ] Bug #479650 - tqsllib: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479650
su -c 'yum update tqsllib' at the command line.
For more information, refer to "Managing Software with yum",
available at .
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References
Update Instructions
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Product: Fedora 10
Version: 2.0
Release: 5.fc10
Summary: The TrustedQSL library
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!