gnutls security update

2009-08-26 21:53:11
CentOS Project
lists.centos.org
CVSS2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.002
Percentile: 53.9%

CentOS Errata and Security Advisory CESA-2009:123

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was discovered in the way GnuTLS handles NULL characters in certain
fields of X.509 certificates. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted by
an application using GnuTLS, the attacker could use the certificate during
a man-in-the-middle attack and potentially confuse the application into
accepting it by mistake. (CVE-2009-2730)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects this issue.
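
The bug class described above, as an added example that is not GnuTLS code and not part of the advisory: it assumes the affected field is a name the application compares with the host it expects, and contrasts a C-string comparison with a length-aware one. The `cert_name` type, both function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical decoded certificate name field: raw bytes plus the length
   taken from the ASN.1 encoding. Not a GnuTLS structure. */
struct cert_name {
    const unsigned char *data;
    size_t len;
};

/* Flawed pattern: the field is handled as a C string, so the comparison
   stops at the first NUL and never sees the bytes after it. */
int name_matches_naive(const struct cert_name *n, const char *host)
{
    return strcmp((const char *)n->data, host) == 0;
}

/* Length-aware check: a field containing a NUL is rejected outright, and
   the comparison covers all n->len bytes (exact-case for brevity). */
int name_matches_strict(const struct cert_name *n, const char *host)
{
    if (memchr(n->data, '\0', n->len) != NULL)
        return 0;
    return n->len == strlen(host) && memcmp(n->data, host, n->len) == 0;
}

/* Constructed sample fields; sizeof - 1 drops only the literal's terminator. */
static const unsigned char crafted_bytes[] = "shop.example\0.other.example";
static const unsigned char normal_bytes[] = "shop.example";
const struct cert_name crafted_name = { crafted_bytes, sizeof(crafted_bytes) - 1 };
const struct cert_name normal_name = { normal_bytes, sizeof(normal_bytes) - 1 };

int main(void)
{
    const char *host = "shop.example";
    printf("naive  crafted: %d\n", name_matches_naive(&crafted_name, host));
    printf("strict crafted: %d\n", name_matches_strict(&crafted_name, host));
    printf("strict normal:  %d\n", name_matches_strict(&normal_name, host));
    return 0;
}
```

The same length-aware rule is a useful audit check for any code that copies certificate fields into NUL-terminated buffers before comparing them.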

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-August/078277.html
https://lists.centos.org/pipermail/centos-announce/2009-August/078278.html

Affected packages:
gnutls
gnutls-devel
gnutls-utils

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1232
