[gnutls-dev] GnuTLS 1.2.3 and 1.0.25
jas at extundo.com
Thu Apr 28 13:06:48 CEST 2005
We are pleased to announce the availability of two new GnuTLS
releases; GnuTLS 1.2.3 and GnuTLS 1.0.25!
These releases were prompted by the discovery of a denial of service
We recommend 1.0 users to move to 1.2. We will continue to make
releases on the old branch when security problems are discovered, for
those who feel unable to upgrade.
We do not have the resources to analyze and write an explanation of
this security problem. Volunteers who want to read the bug reports
and the CVS changes, and write up an explanation in plain English, are
most welcome! Having a detailed track record of security problems can
be a useful reference when discussing security in free software
packages in general. Naturally, if you wish to sponsor us to do this
work for you, please contact me.
PS. The ftp.gnutls.org server appear down at the moment, but the
files below will be available as soon as possible.
If you need help to use GnuTLS, or want to help others, you are
invited to join our help-gnutls mailing list, see:
The project page of the library is available at:
http://josefsson.org/gnutls/ (updated fastest)
Here are the compressed sources:
Here are GPG detached signatures signed using key 0xB565716F:
Here are the build reports for various platforms:
Here are the MD5/SHA1 checksums:
Noteworthy changes since version 1.0.24/1.2.3:
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
Nikos and Simon
More information about the Gnutls-devel