
Fedora 9: 2009-0543 Medium: TrustedQSL Malformed Signature Risk

January 14, 2009
This update fixes a flaw in the TrustedQSL library that allowed malformed signatures to be accepted as legitimate. Install the patched package to resolve it.

Summary

The TrustedQSL library is used for generating digitally signed QSO records (records of Amateur Radio contacts). This package contains the library and configuration files needed to run TrustedQSL applications.

The TrustedQSL library incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error. Package includes a patch to fix EVP_VerifyFinal result check.
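
The bug class described above, as an added example that is not code from tqsllib or from the Fedora patch: EVP_VerifyFinal returns 1 for a good signature, 0 for a bad one, and a negative value on error, so a caller that only tests for 0 accepts the error case. `toy_verify_final`, its length-prefixed toy format, the caller names and the sample bytes are constructed stand-ins (assumptions) so the example runs without OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for EVP_VerifyFinal's return contract (assumption: toy format,
 * no real cryptography): 1 = signature good, 0 = signature bad,
 * -1 = error, e.g. the signature could not be parsed at all. */
static int toy_verify_final(const unsigned char *sig, size_t siglen,
                            const unsigned char *expect, size_t explen)
{
    /* Toy encoding: one length byte followed by exactly that many bytes. */
    if (siglen < 1 || (size_t)sig[0] != siglen - 1)
        return -1;                      /* malformed: parse error */
    if ((size_t)sig[0] != explen || memcmp(sig + 1, expect, explen) != 0)
        return 0;                       /* well-formed but wrong */
    return 1;                           /* well-formed and correct */
}

/* Flawed caller: only 0 is treated as failure, so -1 falls through. */
int accept_flawed(const unsigned char *sig, size_t siglen,
                  const unsigned char *expect, size_t explen)
{
    if (!toy_verify_final(sig, siglen, expect, explen))
        return 0;                       /* rejected */
    return 1;                           /* accepted, including on -1 */
}

/* Corrected caller: anything other than exactly 1 is a rejection. */
int accept_strict(const unsigned char *sig, size_t siglen,
                  const unsigned char *expect, size_t explen)
{
    return toy_verify_final(sig, siglen, expect, explen) == 1;
}

/* Constructed sample inputs. */
const unsigned char EXPECT[]        = { 0xAA, 0xBB, 0xCC };
const unsigned char SIG_GOOD[]      = { 3, 0xAA, 0xBB, 0xCC };
const unsigned char SIG_BAD[]       = { 3, 0xAA, 0xBB, 0x00 };
const unsigned char SIG_MALFORMED[] = { 9, 0xAA };  /* length byte is wrong */

int main(void)
{
    printf("malformed signature: flawed=%d strict=%d\n",
           accept_flawed(SIG_MALFORMED, sizeof SIG_MALFORMED, EXPECT, sizeof EXPECT),
           accept_strict(SIG_MALFORMED, sizeof SIG_MALFORMED, EXPECT, sizeof EXPECT));
    return 0;
}
```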

Change Log

* Mon Jan 12 2009 Lucian Langa - 2.0-5
- modify patch0 to include fix for #479650 (CVE-2008-5077 related)

References

[1] Bug #479650 - tqsllib: OpenSSL incorrect checks for malformed signatures
https://bugzilla.redhat.com/show_bug.cgi?id=479650

Update Instructions

Run su -c 'yum update tqsllib' at the command line. For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: medium

Product: Fedora 9
Version: 2.0
Release: 5.fc9
Summary: The TrustedQSL library
