Gentoo GLSA 200609-15 Normal Severity GnuTLS Signature Forgery Risk

September 26, 2006
The GnuTLS advisory GLSA 202304-18 brings attention to a vulnerability involving certificate signing weaknesses as a result of improper data processing. Immediate patching recommended!
GnuTLS fails to handle excess data which could allow an attacker to forge a PKCS #1 v1.5 signature.

Summary

Gentoo Linux Security Advisory GLSA 200609-15
https://security.gentoo.org/

Severity: Normal
Title: GnuTLS: RSA Signature Forgery
Date: September 26, 2006
Bugs: #147682
ID: 200609-15

Synopsis
========

GnuTLS fails to handle excess data which could allow an attacker to forge a PKCS #1 v1.5 signature.

Background
==========

GnuTLS is an implementation of SSL 3.0 and TLS 1.0.

Affected packages
=================

    -------------------------------------------------------------------
     Package          /  Vulnerable  /                      Unaffected
    -------------------------------------------------------------------
  1  net-libs/gnutls      < 1.4.4                             >= 1.4.4

Description
===========

verify.c fails to properly handle excess data in digestAlgorithm.parameters field while generating a hash when using an RSA key with exponent 3. RSA keys that use exponent 3 are commonplace.
Impac...
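A verifier avoids this class of bug by rebuilding the single valid encoded message and comparing every byte, the encode-and-compare approach of RFC 8017, rather than parsing the DigestInfo and tolerating unexpected bytes. The following is an added example, not GnuTLS code and not part of the advisory; the function names, the choice of SHA-1 and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define HASH_LEN 20 /* SHA-1 */
/* DER DigestInfo header for SHA-1: AlgorithmIdentifier with parameters = NULL
 * (05 00), then the OCTET STRING header for the 20-byte hash. */
static const unsigned char DI_SHA1[15] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
    0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

/* Strict check: rebuild the only valid encoded message for a k-byte modulus,
 * 00 01 FF..FF 00 || DI_SHA1 || hash, and compare all k bytes of em
 * (the value sig^e mod n) against it. Returns 1 on an exact match, else 0. */
int em_is_valid(const unsigned char *em, size_t k, const unsigned char *hash)
{
    unsigned char expect[512], diff = 0;
    size_t ps_len, i;

    if (k > sizeof expect || k < sizeof DI_SHA1 + HASH_LEN + 11)
        return 0; /* modulus too large for the buffer or < 8 bytes of FF */
    ps_len = k - 3 - sizeof DI_SHA1 - HASH_LEN;
    expect[0] = 0x00; expect[1] = 0x01;
    memset(expect + 2, 0xff, ps_len);
    expect[2 + ps_len] = 0x00;
    memcpy(expect + 3 + ps_len, DI_SHA1, sizeof DI_SHA1);
    memcpy(expect + 3 + ps_len + sizeof DI_SHA1, hash, HASH_LEN);
    for (i = 0; i < k; i++) /* no early exit on mismatch */
        diff |= (unsigned char)(em[i] ^ expect[i]);
    return diff == 0;
}

/* Constructed test input: an EM whose parameters field carries `extra` bytes
 * and whose FF padding is shortened to match (extra = 0 is canonical).
 * The caller must pass k >= sizeof DI_SHA1 + HASH_LEN + 11 + extra. */
void make_sample_em(unsigned char *em, size_t k, const unsigned char *hash,
                    unsigned char extra)
{
    size_t ps_len = k - 3 - sizeof DI_SHA1 - extra - HASH_LEN;
    unsigned char *p = em + 3 + ps_len;

    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, ps_len);
    em[2 + ps_len] = 0x00;
    memcpy(p, DI_SHA1, 13); /* header up to and including 05 00 */
    p[1] += extra; p[3] += extra; p[12] += extra; /* grow the DER lengths */
    memset(p + 13, 0xab, extra); /* excess bytes inside parameters */
    p[13 + extra] = 0x04; p[14 + extra] = HASH_LEN;
    memcpy(p + 15 + extra, hash, HASH_LEN);
}
```

Because the comparison covers the whole block, excess bytes anywhere in the encoded message fail the check, with no need to enumerate which fields could hold them.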