SCIENTIFIC-LINUX-ERRATA Archives

August 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Troy Dawson <[log in to unmask]>
Date: Thu, 27 Aug 2009 13:00:29 -0500
Synopsis:	Moderate: gnutls security update
Issue date:	2009-08-26
CVE Names:	CVE-2009-2730

CVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL 
in name (GNUTLS-SA-2009-4)

A flaw was discovered in the way GnuTLS handles NULL characters in 
certain fields of X.509 certificates. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted 
by an application using GnuTLS, the attacker could use the certificate 
during a man-in-the-middle attack and potentially confuse the 
application into accepting it by mistake. (CVE-2009-2730)

SL 4.x

      SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm
      i386:
gnutls-1.0.20-4.el4_8.3.i386.rpm
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm
      x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm
gnutls-1.0.20-4.el4_8.3.x86_64.rpm
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm

SL 5.x

      SRPMS:
gnutls-1.4.1-3.el5_3.5.src.rpm
      i386:
gnutls-1.4.1-3.el5_3.5.i386.rpm
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm
gnutls-utils-1.4.1-3.el5_3.5.i386.rpm
      x86_64:
gnutls-1.4.1-3.el5_3.5.i386.rpm
gnutls-1.4.1-3.el5_3.5.x86_64.rpm
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm
gnutls-devel-1.4.1-3.el5_3.5.x86_64.rpm
gnutls-utils-1.4.1-3.el5_3.5.x86_64.rpm

-Connie Sieh
-Troy Dawson
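
The class of flaw described in the advisory, shown as an added illustration (not part of the original announcement and not GnuTLS source code): a certificate name field is a length-prefixed byte string, so a check that treats it as a C string stops reading at the first NUL. The `cert_name` struct, the function names and the sample host names are constructed for this example, and only exact matching is shown (no case folding or wildcards).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A name field as decoded from the certificate: raw bytes plus an explicit
 * length. Nothing in the encoding prevents a NUL byte inside it. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: compares as a C string, so everything after the first
 * NUL in the certificate field is never examined. */
int hostname_matches_naive(const struct cert_name *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Length-aware check: a name containing NUL is rejected outright, and the
 * comparison covers every byte the certificate actually carries. */
int hostname_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                      /* embedded NUL: refuse the name */
    if (cn->len != hlen)
        return 0;
    return memcmp(cn->data, host, hlen) == 0;
}

/* Constructed sample fields (sizeof - 1 drops only the literal's final NUL). */
static const unsigned char CRAFTED[] = "www.example.com\0.example.net";
static const unsigned char NORMAL[]  = "www.example.com";
static const struct cert_name crafted_cn = { CRAFTED, sizeof CRAFTED - 1 };
static const struct cert_name normal_cn  = { NORMAL,  sizeof NORMAL - 1 };

int main(void)
{
    const char *host = "www.example.com";

    printf("naive  / crafted: %d\n", hostname_matches_naive(&crafted_cn, host));
    printf("strict / crafted: %d\n", hostname_matches_strict(&crafted_cn, host));
    printf("strict / normal : %d\n", hostname_matches_strict(&normal_cn, host));
    return 0;
}
```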
