------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-70 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-11-14
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
A vulnerability has been reported in GnuTLS, which can be exploited by
malicious people to bypass certain security restrictions.
Description
===========
The vulnerability is caused by an error in the validation of the X.509
certificate chain and can be exploited to spoof arbitrary names, e.g.
during a Man-in-the-Middle (MitM) attack.

Affected packages:

  Pardus 2008:
    gnutls, all before 2.2.5-13-5
Resolution
==========
An update is available for gnutls. You can install it via Package Manager
or with a single command from the console:

  pisi up gnutls
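
To confirm that a host is past the affected range, the installed gnutls version can be compared field by field against the fixed version given above. This is an added example, not part of the Pardus advisory; the function names are hypothetical, and it assumes the version string is the usual version-release-build triple made only of digits, dots and dashes.

```sh
#!/bin/sh
# Fixed package version, taken from the advisory text.
FIXED_GNUTLS="2.2.5-13-5"

# ver_lt A B: return 0 if A sorts before B, 1 if not,
# 2 if either string contains anything but digits, dots and dashes.
# Fields are compared numerically, so 2.2.10 sorts after 2.2.5.
ver_lt() {
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!0-9.-]*) return 2 ;;
        esac
    done
    rest=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    # Split A into positional parameters, one numeric field each.
    set -- $(printf '%s' "$1" | sed 's/[.-]/ /g')
    for want in $rest; do
        have=${1:-0}            # a missing field in A counts as 0
        if [ $# -gt 0 ]; then shift; fi
        if [ "$have" -lt "$want" ]; then return 0; fi
        if [ "$have" -gt "$want" ]; then return 1; fi
    done
    return 1                    # equal, or A has extra trailing fields
}

# gnutls_status VERSION: print "vulnerable", "fixed" or "unknown"
# for an installed gnutls package version on Pardus 2008.
gnutls_status() {
    rc=0
    ver_lt "$1" "$FIXED_GNUTLS" || rc=$?
    case $rc in
        0) echo "vulnerable" ;;
        1) echo "fixed" ;;
        *) echo "unknown"; return 2 ;;
    esac
}
```

Pass the version string reported by the package manager for the installed gnutls package, for example `gnutls_status 2.2.5-12-4` (a constructed sample value).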
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8626
* http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989
------------------------------------------------------------------------
--
Pardus Security Team
http://security.pardus.org.tr