-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gnutls (SSA:2008-315-01)

New gnutls packages are available for Slackware 12.0, 12.1, and -current to
fix a security issue.

NOTE:  The package for 12.0 has a different shared library soname, and the
packages for 12.1 and -current have an API/ABI change.  Only the Pidgin package
in Slackware links with GnuTLS, and upgraded Pidgin packages have also been
made available.  However, if the updated GnuTLS package is installed any other
custom-compiled software that uses GnuTLS may need to be recompiled.

More details about this issue will become available in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989


Here are the details from the Slackware 12.1 ChangeLog:
+--------------------------+
patches/packages/gnutls-2.6.1-i486-1_slack12.1.tgz:
  Upgraded to gnutls-2.6.1.
  From the gnutls-2.6.1 NEWS file:
    ** libgnutls: Fix X.509 certificate chain validation error.
    [GNUTLS-SA-2008-3]  The flaw makes it possible for man in the middle
    attackers (i.e., active attackers) to assume any name and trick GNU TLS
    clients into trusting that name.  Thanks for report and analysis from
    Martin von Gagern .  [CVE-2008-4989]
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989
  IMPORTANT NOTE:  This update modifies the API and ABI for the
  gnutls_pk_params_st function.  Any software that uses the function will
  need to be recompiled.
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 12.0:

Updated package for Slackware 12.1:

Updated package for Slackware -current:


MD5 signatures:
+-------------+

Slackware 12.0 package:
b2f8679618d7bca27161ee9e77e40be7  gnutls-2.6.1-i486-1_slack12.0.tgz

Slackware 12.1 package:
d71c4984aeb90571d57d55129913fa19  gnutls-2.6.1-i486-1_slack12.1.tgz

Slackware -current package:
a8bb0f8f70b96135a69e3eba04122e7a  gnutls-2.6.1-i486-1.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg gnutls-2.6.1-i486-1_slack12.1.tgz

Also install the new Pidgin package if you use it.  Slackware 12.0 will
require a recompile of any locally compiled GnuTLS linked packages.
Recompiling locally compiled GnuTLS linked software is also recommended
with Slackware 12.1 and -current, although it is probable that a lot of
software would work without a recompile since only a single function
(gnutls_pk_params_st) was changed.


+-----+

Slackware: 2008-315-01: gnutls Security Update

November 11, 2008
New gnutls packages are available for Slackware 12.0, 12.1, and -current to fix a security issue

Summary

Here are the details from the Slackware 12.1 ChangeLog: patches/packages/gnutls-2.6.1-i486-1_slack12.1.tgz: Upgraded to gnutls-2.6.1. From the gnutls-2.6.1 NEWS file: ** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern . [CVE-2008-4989] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989 IMPORTANT NOTE: This update modifies the API and ABI for the gnutls_pk_params_st function. Any software that uses the function will need to be recompiled. (* Security fix *)

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware -current:

MD5 Signatures

Slackware 12.0 package: b2f8679618d7bca27161ee9e77e40be7 gnutls-2.6.1-i486-1_slack12.0.tgz
Slackware 12.1 package: d71c4984aeb90571d57d55129913fa19 gnutls-2.6.1-i486-1_slack12.1.tgz
Slackware -current package: a8bb0f8f70b96135a69e3eba04122e7a gnutls-2.6.1-i486-1.tgz

Severity
[slackware-security] gnutls (SSA:2008-315-01)
New gnutls packages are available for Slackware 12.0, 12.1, and -current to fix a security issue.
NOTE: The package for 12.0 has a different shared library soname, and the packages for 12.1 and -current have an API/ABI change. Only the Pidgin package in Slackware links with GnuTLS, and upgraded Pidgin packages have also been made available. However, if the updated GnuTLS package is installed any other custom-compiled software that uses GnuTLS may need to be recompiled.
More details about this issue will become available in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg gnutls-2.6.1-i486-1_slack12.1.tgz Also install the new Pidgin package if you use it. Slackware 12.0 will require a recompile of any locally compiled GnuTLS linked packages. Recompiling locally compiled GnuTLS linked software is also recommended with Slackware 12.1 and -current, although it is probable that a lot of software would work without a recompile since only a single function (gnutls_pk_params_st) was changed.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved