SECURITY: GnuTLS: All DSA keys generated using GnuTLS 2.6.x are corrupt
Richard W.M. Jones
rjones at redhat.com
Thu Apr 30 13:12:19 UTC 2009
<quote>
When investigating the DSA problems reported by Miroslav Kratochvil
(e.g., [1]), Simon Josefsson discovered that all DSA keys generated by
GnuTLS 2.6.x are corrupt. Rather than generating a DSA key, GnuTLS
will generate a RSA key and store it in a DSA structure. The patch to
correct this is trivial, see [PATCH] below. GnuTLS 2.4.x and earlier
did not contain the buggy code.
</quote>
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
Not a good day for GnuTLS ...
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
More information about the mingw
mailing list