I am happy to announce GnuTLS 1.4.3, a security bugfix release on the stable 1.4 branch. This version is what we recommend for those who need a stable version of GnuTLS.
GnuTLS is a modern C library that implements the standard network security protocol Transport Layer Security (TLS), for use by network applications.

Noteworthy changes since 1.4.2:

** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack.
   In particular, we check that the digestAlgorithm.parameters field is empty, to avoid that it can contain "garbage" that may be used to alter the numeric properties of the signature. See <http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA <[EMAIL PROTECTED]>. See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more up to date information.

** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
   See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>. Reported by Werner Koch <[EMAIL PROTECTED]>. See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more up to date information.

** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.

** API and ABI modifications:
   No changes since last version.

Improving GnuTLS is costly, but you can help! We are looking for organizations that find GnuTLS useful and wish to contribute back. You can contribute by reporting bugs, improving the software, or donating money or equipment.

Commercial support contracts for GnuTLS are available, and they help finance continued maintenance. Simon Josefsson Datakonsult, a Stockholm-based privately held company, is currently funding GnuTLS maintenance. We are always looking for interesting development projects. See http://josefsson.org/ for more details.

All manual formats are available from:
  http://www.gnutls.org/manual/

Direct links to the most popular formats:
  http://www.gnutls.org/manual/gnutls.html - HTML format
  http://www.gnutls.org/manual/gnutls.pdf - PDF format
  http://www.gnutls.org/reference/ch01.html - API Reference, GTK-DOC HTML

If you need help to use GnuTLS, or want to help others, you are invited to join our help-gnutls mailing list, see:
<http://lists.gnu.org/mailman/listinfo/help-gnutls>.

The project page of the library is available at:
  http://www.gnutls.org/
  http://www.gnu.org/software/gnutls/
  http://josefsson.org/gnutls/

Here are the compressed sources (3.9MB):
  http://josefsson.org/gnutls/releases/gnutls-1.4.3.tar.bz2

Here are GPG detached signatures signed using key 0xB565716F:
  http://josefsson.org/gnutls/releases/gnutls-1.4.3.tar.bz2.sig

The software is cryptographically signed by the author using an OpenPGP key identified by the following information:
  pub   1280R/B565716F 2002-05-05 [expires: 2007-02-15]
  uid   Simon Josefsson <[EMAIL PROTECTED]>
  uid   Simon Josefsson <[EMAIL PROTECTED]>
  sub   1280R/4D5D40AE 2002-05-05 [expires: 2007-02-15]
  sub   1024R/09CC4670 2006-03-18 [expires: 2007-04-22]
  sub   1024R/AABB1F7B 2006-03-18 [expires: 2007-04-22]
  sub   1024R/A14C401A 2006-03-18 [expires: 2007-04-22]

The key is available from:
  http://josefsson.org/key.txt
  dns:b565716f.josefsson.org?TYPE=CERT

Here are the SHA-1 and SHA-224 checksums:
  c4182c3804235d6f3eb2f3e59bb560f22370d4fc  gnutls-1.4.3.tar.bz2
  b95c5be42a41050328c70a6bee0c5fe0df20274e  gnutls-1.4.3.tar.bz2.sig
  7cd58744ba1a4628f75f2c9dda2d6af4fcbda28ba155e6afead3035e  gnutls-1.4.3.tar.bz2
  b84e8452859d3c98575cd5a5a1f6d161dc4c4f63bc7803a4626425ef  gnutls-1.4.3.tar.bz2.sig

Enjoy,
Nikos and Simon
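
The PKCS#1 verification item in the announcement concerns unchecked bytes in digestAlgorithm.parameters. The following C code is an added example, not GnuTLS code and not part of the original message: it shows the compare-by-construction form of the check, where the verifier rebuilds the one acceptable EMSA-PKCS1-v1_5 encoding (RFC 3447, SHA-1, parameters as ASN.1 NULL) and compares it with the value recovered from the signature. The names `encode`, `strict_check` and `demo`, the 1024-bit modulus size and the test vectors are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* RFC 3447 DigestInfo header for SHA-1; parameters is ASN.1 NULL (05 00). */
static const unsigned char SHA1_DI[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
enum { HASH_LEN = 20, K = 128 };  /* K: modulus size in bytes (assumed 1024-bit) */

/* Write 00 01 FF..FF 00 || di || hash into em[K]; -1 if it does not fit. */
static int encode(unsigned char *em, const unsigned char *di, size_t di_len,
                  const unsigned char *hash)
{
    if (di_len + HASH_LEN + 11 > K) return -1;  /* need >= 8 bytes of FF */
    size_t ps = K - di_len - HASH_LEN - 3;
    em[0] = 0x00; em[1] = 0x01;
    memset(em + 2, 0xff, ps);
    em[2 + ps] = 0x00;
    memcpy(em + 3 + ps, di, di_len);
    memcpy(em + 3 + ps + di_len, hash, HASH_LEN);
    return 0;
}

/* em = result of the RSA public operation on the signature. Rebuild the single
   acceptable encoding and compare every byte; nothing is parsed, so no field
   (padding, parameters, trailing bytes) can hold unchecked data. 1 = accept. */
int strict_check(const unsigned char em[K], const unsigned char hash[HASH_LEN])
{
    unsigned char want[K], diff = 0;
    if (encode(want, SHA1_DI, sizeof SHA1_DI, hash) != 0) return 0;
    for (size_t i = 0; i < K; i++) diff |= em[i] ^ want[i];
    return diff == 0;
}

/* Constructed test vectors: 0 = well-formed, 1 = parameters holds four extra
   bytes (DER lengths still consistent), 2 = one padding byte is not FF. */
int demo(int variant)
{
    static const unsigned char bad_di[19] = {
        0x30, 0x25, 0x30, 0x0d, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a,
        0x04, 0x04, 0xde, 0xad, 0xbe, 0xef, 0x04, 0x14 };
    unsigned char hash[HASH_LEN], em[K];
    memset(hash, 0xab, sizeof hash);            /* stand-in digest value */
    if (variant == 1) encode(em, bad_di, sizeof bad_di, hash);
    else encode(em, SHA1_DI, sizeof SHA1_DI, hash);
    if (variant == 2) em[10] = 0x00;
    return strict_check(em, hash);
}
int main(void) { return (demo(0) == 1 && demo(1) == 0 && demo(2) == 0) ? 0 : 1; }
```

Variant 1 is rejected even though its DER structure is self-consistent and its digest matches, which is the property the parameters check in this release enforces.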
