Gentoo Linux Security Advisory 201206-18 - Multiple vulnerabilities have been found in GnuTLS, allowing a remote attacker to perform man-in-the-middle or Denial of Service attacks. Versions less than 2.12.18 are affected.
c75c8a7a91c5efaf8a508739dcbabd15dd3969086e8b5d633124183f164ef053Gentoo Linux Security Advisory 201110-5 - Multiple vulnerabilities were found in GnuTLS, allowing for easier man-in-the-middle attacks. Versions less than 2.10.0 are affected.
3545aa8d55f2bf105713aa28ad3ddad8c8ca7f796307b025bb1255abe43b0827Mandriva Linux Security Advisory 2009-308 - gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.
bcab65810e1df1bbd34d0446f0107046e9266266308d7551d40416e63d8ef9f3Debian Linux Security Advisory 1935-1 - Dan Kaminsky and Moxie Marlinspike discovered that gnutls, an implementation of the TLS/SSL protocol, does not properly handle a '\\0' character in a domain name in the subject's Common Name or Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. In addition, with this update, certificates with MD2 hash signatures are no longer accepted since they're no longer considered cryptograhically secure.
f865f82f07d73c848ba941571d0b49f816946149bd8f70b4226dc437168d8570Ubuntu Security Notice USN-809-1 - Multiple vulnerabilities in gnutls12, gnutls13, and gnutls26 have been addressed.
b92205b37169716ba97e50429020fd3909591b35ccbe74027c607e8e62403c93Mandriva Linux Security Advisory 2009-210 - A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This update fixes this vulnerability.
eadbf55cae152edc723e6474013dda54a57861be478774358cae28695bda3567
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed