[gnutls-dev] About RSA BSAFE libraries denial of service vulnerability

Simon Josefsson simon at josefsson.org
Tue May 29 12:48:47 CEST 2007


Jeff Cai <Jeff.Cai at Sun.COM> writes:

> Hi,
> Maybe this is a very simple question. But because it concern security,
> it becomes so important. 
> Recently, someone found a security vulnerability of RSA BSAFE libraries
> http://www.kb.cert.org/vuls/id/754281/ I don't know whether GNUTls uses
> RSA algorithm or has similar problem.

GnuTLS doesn't use RSA BSAFE Crypto-C or Cert-C, so if it is a problem
with those particular implementations, we are not affected.

There isn't sufficient technical information in the link you provide
that I can use to tell if GnuTLS is affected by a similar bug though.

/Simon




More information about the Gnutls-devel mailing list