Currently the core GnuTLS team do not have resources to analyse the background and impact of security problems in as much detail as we would want to. However, we do take security seriously. Collecting and publishing information about security incidents in GnuTLS furthers the goals of the project. So we do want to have useful security advisories.
Our idea is to turn the writing of security advisories into an open process where everyone can contribute. Everyone is invited to analyse the impact of discovered bugs, and, of course, also to study the code for new bugs.
All serious analysis of bugs will be posted on this page.
If this level of support is inadequate for your needs, customized commercial support can be arranged.
Send reports to bug-gnutls@gnu.org. That address reaches the maintainer and core developers, and is not immediately archived publicly.
| Tag | Severity | Information |
|---|---|---|
| GNUTLS-SA-2005-1 | Denial of service | Announcement; Write-up by Éric Leblond. Recommendation: Upgrade to GnuTLS 1.0.25 or 1.2.3. |
| GNUTLS-SA-2006-1, CVE-2006-0645 | Denial of service? | Libtasn1 Announcement. Recommendation: Upgrade to Libtasn1 0.2.18 and GnuTLS 1.2.10 (stable) or 1.3.4 (experimental). |
| GNUTLS-SA-2006-2 | Denial of service? | Details. Recommendation: Upgrade to GnuTLS 1.4.2. |
| | None | Announcement; Bleichenbacher's Crypto 98 paper. Recommendation: No action required, see the post where this advisory is essentially withdrawn. |
| GNUTLS-SA-2006-4, CVE-2006-4790 (via NVD) | False positive in verifying signature | Announcement; Updated patch; Original report. Recommendation: Upgrade to GnuTLS 1.4.4. |
Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004
Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
MA 02111, USA
Verbatim copying and distribution of this entire article are
permitted worldwide without royalty in any medium provided
this notice is preserved.
Updated: $Date: 2007/02/07 10:17:06 $ $Author: jas $