Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2006:0207 - Security Advisory
Issued:
2006-02-10
Updated:
2006-02-10

RHSA-2006:0207 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

gnutls security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gnutls packages that fix a security issue are now available for Red
Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER. An attacker
could create a carefully crafted invalid X.509 certificate in such a way
that could trigger this flaw if parsed by an application that uses GNU TLS.
This could lead to a denial of service (application crash). It is not
certain if this issue could be escalated to allow arbitrary code execution.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0645 to this issue.

In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the
Evolution client when connecting to an Exchange server or when publishing
calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GNU TLS maintainers to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 180903 - CVE-2006-0645 GnuTLS x509 DER DoS

CVEs

  • CVE-2006-0645

References

(none)

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
gnutls-1.0.20-3.2.2.src.rpm SHA-256: 334b95fb514fd2c46777959872ba92b7e95b9b9dd53b2a5b3e95944096e7daf1
x86_64
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.x86_64.rpm SHA-256: e4c0c9e8972916aebbef8eef6a6174d3494341494d4e6107c44993c618840b65
gnutls-1.0.20-3.2.2.x86_64.rpm SHA-256: e4c0c9e8972916aebbef8eef6a6174d3494341494d4e6107c44993c618840b65
gnutls-devel-1.0.20-3.2.2.x86_64.rpm SHA-256: f97f56062a517f9b89b822ff59343f7c7836842d343788d0588fde0e75b62afb
gnutls-devel-1.0.20-3.2.2.x86_64.rpm SHA-256: f97f56062a517f9b89b822ff59343f7c7836842d343788d0588fde0e75b62afb
ia64
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.ia64.rpm SHA-256: 7a1ef0944a1199356a85e536220ec4751a2e2b2996039f459911449df48cf99f
gnutls-1.0.20-3.2.2.ia64.rpm SHA-256: 7a1ef0944a1199356a85e536220ec4751a2e2b2996039f459911449df48cf99f
gnutls-devel-1.0.20-3.2.2.ia64.rpm SHA-256: 99ce5b3510cc78e5a56cacb4e5d0d7caf90e7d4fb4f4447ee7106d431d190214
gnutls-devel-1.0.20-3.2.2.ia64.rpm SHA-256: 99ce5b3510cc78e5a56cacb4e5d0d7caf90e7d4fb4f4447ee7106d431d190214
i386
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-devel-1.0.20-3.2.2.i386.rpm SHA-256: 02102efd2f8ed0c379014f3951fdbff7442f17de8fbf3adbf00f9073bd5890ee
gnutls-devel-1.0.20-3.2.2.i386.rpm SHA-256: 02102efd2f8ed0c379014f3951fdbff7442f17de8fbf3adbf00f9073bd5890ee

Red Hat Enterprise Linux Workstation 4

SRPM
gnutls-1.0.20-3.2.2.src.rpm SHA-256: 334b95fb514fd2c46777959872ba92b7e95b9b9dd53b2a5b3e95944096e7daf1
x86_64
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.x86_64.rpm SHA-256: e4c0c9e8972916aebbef8eef6a6174d3494341494d4e6107c44993c618840b65
gnutls-devel-1.0.20-3.2.2.x86_64.rpm SHA-256: f97f56062a517f9b89b822ff59343f7c7836842d343788d0588fde0e75b62afb
ia64
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.ia64.rpm SHA-256: 7a1ef0944a1199356a85e536220ec4751a2e2b2996039f459911449df48cf99f
gnutls-devel-1.0.20-3.2.2.ia64.rpm SHA-256: 99ce5b3510cc78e5a56cacb4e5d0d7caf90e7d4fb4f4447ee7106d431d190214
i386
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-devel-1.0.20-3.2.2.i386.rpm SHA-256: 02102efd2f8ed0c379014f3951fdbff7442f17de8fbf3adbf00f9073bd5890ee

Red Hat Enterprise Linux Desktop 4

SRPM
gnutls-1.0.20-3.2.2.src.rpm SHA-256: 334b95fb514fd2c46777959872ba92b7e95b9b9dd53b2a5b3e95944096e7daf1
x86_64
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-1.0.20-3.2.2.x86_64.rpm SHA-256: e4c0c9e8972916aebbef8eef6a6174d3494341494d4e6107c44993c618840b65
gnutls-devel-1.0.20-3.2.2.x86_64.rpm SHA-256: f97f56062a517f9b89b822ff59343f7c7836842d343788d0588fde0e75b62afb
i386
gnutls-1.0.20-3.2.2.i386.rpm SHA-256: 179a7e5ebd4b0415e25cc6e7cab456606f30744f9d7fd57c6440a38e29c8034d
gnutls-devel-1.0.20-3.2.2.i386.rpm SHA-256: 02102efd2f8ed0c379014f3951fdbff7442f17de8fbf3adbf00f9073bd5890ee

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gnutls-1.0.20-3.2.2.src.rpm SHA-256: 334b95fb514fd2c46777959872ba92b7e95b9b9dd53b2a5b3e95944096e7daf1
s390x
gnutls-1.0.20-3.2.2.s390.rpm SHA-256: 7948b547bcb12a81604a98eed9ade50517fe8b3609f6b138caf348c780be3000
gnutls-1.0.20-3.2.2.s390x.rpm SHA-256: eead78028a70f3264b1b3b0abc29acdf7ffe968e008cffa8e1fc035be45ad67c
gnutls-devel-1.0.20-3.2.2.s390x.rpm SHA-256: ec984d3eb8f94bf1cd0aff978fba009ef0c8759e0816dca4823e94376528fe5a
s390
gnutls-1.0.20-3.2.2.s390.rpm SHA-256: 7948b547bcb12a81604a98eed9ade50517fe8b3609f6b138caf348c780be3000
gnutls-devel-1.0.20-3.2.2.s390.rpm SHA-256: c42f53542abdfeacbef87e6df42f8fbcecbab51505db5c5ddd4e2faec3d55fdd

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gnutls-1.0.20-3.2.2.src.rpm SHA-256: 334b95fb514fd2c46777959872ba92b7e95b9b9dd53b2a5b3e95944096e7daf1
ppc
gnutls-1.0.20-3.2.2.ppc.rpm SHA-256: b0e8b279203fcf3ea4da82515d1bf00e9ab77d02ce7646ab89691e7153aa98c3
gnutls-1.0.20-3.2.2.ppc64.rpm SHA-256: db0d4735e5021a28cf8334dd444d109dedb5805a01b96da676c601d4d320b5da
gnutls-devel-1.0.20-3.2.2.ppc.rpm SHA-256: 2ba34d0b5b9faea3f07bef110976493db542c71f3081a15f3cb95944a2daad2b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2022 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter