[gnutls-dev] GnuTLS 1.2.3 and 1.0.25
Simon Josefsson
jas at extundo.com
Thu Apr 28 13:06:48 CEST 2005

We are pleased to announce the availability of two new GnuTLS
releases: GnuTLS 1.2.3 and GnuTLS 1.0.25!

These releases were prompted by the discovery of a denial of service
problem.

We recommend that 1.0 users move to 1.2. We will continue to make
releases on the old branch when security problems are discovered, for
those who feel unable to upgrade.

We do not have the resources to analyze and write an explanation of
this security problem. Volunteers who want to read the bug reports
and the CVS changes, and write up an explanation in plain English, are
most welcome! Having a detailed track record of security problems can
be a useful reference when discussing security in free software
packages in general. Naturally, if you wish to sponsor us to do this
work for you, please contact me.

PS. The ftp.gnutls.org server appears down at the moment, but the
files below will be available as soon as possible.

If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/ (updated fastest)

Here are the compressed sources:
  http://josefsson.org/gnutls/releases/gnutls-1.0.25.tar.gz (1.5MB)
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.25.tar.gz (1.5MB)
  http://josefsson.org/gnutls/releases/gnutls-1.2.3.tar.bz2 (2.4MB)
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.3.tar.bz2 (2.4MB)

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.0.25.tar.gz.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.0.25.tar.gz.sig
  http://josefsson.org/gnutls/releases/gnutls-1.2.3.tar.bz2.sig
  ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-1.2.3.tar.bz2.sig

Here are the build reports for various platforms:
  http://josefsson.org/autobuild-logs/gnutls.html

Here are the MD5/SHA1 checksums:

Noteworthy changes since version 1.0.24/1.2.3:

- Corrected bug in record packet parsing that could lead
  to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
  can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
  gnutls_x509_privkey_fix(): Add.

Enjoy,
Nikos and Simon