Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-10162.
#
include("compat.inc");
# Registration branch: when `description` is true the plugin only declares
# its metadata and then leaves through exit(0); no host data is read here.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(62276);
  script_version("$Revision: 1.5 $");
  script_cvs_date("$Date: 2015/10/21 22:04:04 $");

  # Cross-references: the CVE and the Fedora advisory the check was derived from.
  script_cve_id("CVE-2008-4989");
  script_xref(name:"FEDORA", value:"2008-10162");

  script_name(english:"Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");

  # Multi-line literal: the continuation lines stay at column 0 because any
  # leading whitespace would become part of the reported description text.
  script_set_attribute(attribute:"description", value:
" - Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3
- fix chain verification issue CVE-2008-4989 (#470079)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );

  # References shown to the analyst alongside the finding.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=470079");
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016558.html
  # (presumably the target of the shortened link registered next - confirm)
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6ee44dc");

  script_set_attribute(attribute:"solution", value:"Update the affected gnutls package.");

  # CVSS v2 base vector: network access, medium complexity, no authentication,
  # partial integrity impact, no confidentiality or availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cwe_id(255);

  # "local" plugin type: the verdict comes from data collected on the host
  # (see the required KB keys below), not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnutls");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");

  # The fix was published in 2008; the plugin itself dates from 2012.
  script_set_attribute(attribute:"patch_publication_date", value:"2008/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  # Declares ssh_get_info.nasl as a dependency and names the three KB keys
  # that the check body reads after this branch.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Check body: uses knowledge-base (KB) items to decide whether the host is a
# Fedora 10 system whose gnutls rpm is compared against gnutls-2.4.2-3.fc10.
# NOTE(review): audit() is defined in audit.inc, not here; it presumably ends
# the plugin with an audit-trail message - confirm against that include.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only hosts whose release string contains "Fedora" are in scope
# (`>!<` is true when the left string is NOT a substring of the right one).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
  audit(AUDIT_OS_NOT, "Fedora");

# Pull the major release number out of the release string and require 10.
ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(ver_match))
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = ver_match[1];
if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);

# Without a collected rpm list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# NOTE(review): any CPU other than x86_64 or i386-i686 leaves through
# AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED. Such hosts are not assessed, which is
# not the same as "not affected"; track them separately when triaging.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$")
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# NOTE(review): rpm_check() lives in rpm.inc; presumably it is true when the
# installed package is older than the reference build - confirm there.
# The verdict rests on the package version alone. It does not show whether
# processes that were already running have been restarted onto the updated
# library, so pair a clean result with a service-restart or reboot check.
flag = 0;
if (rpm_check(release:"FC10", reference:"gnutls-2.4.2-3.fc10"))
{
  flag++;
}

if (!flag)
{
  # Nothing flagged: record whether gnutls was tested and judged unaffected,
  # or was not found among the tested packages at all.
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
}
else
{
  # Flagged: raise a warning on port 0, attaching the rpm report text only
  # when report verbosity is above zero.
  if (report_verbosity > 0)
    security_warning(port:0, extra:rpm_report_get());
  else
    security_warning(0);
  exit(0);
}
{"id": "FEDORA_2008-10162.NASL", "bulletinFamily": "scanner", "title": "Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)", "description": "- Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2012-09-24T00:00:00", "modified": "2015-10-21T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=62276", "reporter": "Tenable", "references": ["http://www.nessus.org/u?c6ee44dc", "https://bugzilla.redhat.com/show_bug.cgi?id=470079"], "cvelist": ["CVE-2008-4989"], "type": "nessus", "lastseen": "2019-01-16T20:14:50", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:gnutls"], "cvelist": ["CVE-2008-4989"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "- Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "b067d37a7b1a19f22da6aaed9384cef1278962b9648557e63914f31392c79eb0", "hashmap": [{"hash": "37f98fbb6e18b890d48ade62419b13a5", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ce2fdafa74d9c2ad6a3d5f56f69ff8da", "key": "description"}, {"hash": "fb6fd3602e42bfb6f3912faf4115e83f", "key": "cpe"}, {"hash": "ab846ba707fd9787771c8ea71f47be47", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55dc3a3fb872eb6f48ab81f74a2239e7", "key": "published"}, {"hash": "b22baca3eefc9172b517cd4103cf6701", "key": "references"}, {"hash": "c416722d5afd075b1481cda5afda35f7", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c30be2aa1fb78f98f4ff30ef2ce2692d", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "3c2b88dbc58358346a4db9255749e6af", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=62276", "id": "FEDORA_2008-10162.NASL", "lastseen": "2017-10-29T13:35:57", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "62276", "published": "2012-09-24T00:00:00", "references": ["http://www.nessus.org/u?c6ee44dc", "https://bugzilla.redhat.com/show_bug.cgi?id=470079"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62276);\n script_version(\"$Revision: 1.5 $\");\n 
script_cvs_date(\"$Date: 2015/10/21 22:04:04 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"FEDORA\", value:\"2008-10162\");\n\n script_name(english:\"Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=470079\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6ee44dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"gnutls-2.4.2-3.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "title": "Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2017-10-29T13:35:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:gnutls"], "cvelist": ["CVE-2008-4989"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding 
description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "219349a91b2958d40554b1bf80230e3cfd4009fd3d7a2fe06bf9a128d351bb56", "hashmap": [{"hash": "37f98fbb6e18b890d48ade62419b13a5", "key": "cvelist"}, {"hash": "ce2fdafa74d9c2ad6a3d5f56f69ff8da", "key": "description"}, {"hash": "fb6fd3602e42bfb6f3912faf4115e83f", "key": "cpe"}, {"hash": "ab846ba707fd9787771c8ea71f47be47", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55dc3a3fb872eb6f48ab81f74a2239e7", "key": "published"}, {"hash": "b22baca3eefc9172b517cd4103cf6701", "key": "references"}, {"hash": "c416722d5afd075b1481cda5afda35f7", "key": "sourceData"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c30be2aa1fb78f98f4ff30ef2ce2692d", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "3c2b88dbc58358346a4db9255749e6af", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=62276", "id": "FEDORA_2008-10162.NASL", "lastseen": "2018-08-30T19:35:26", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "62276", "published": "2012-09-24T00:00:00", "references": ["http://www.nessus.org/u?c6ee44dc", "https://bugzilla.redhat.com/show_bug.cgi?id=470079"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n 
script_id(62276);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:04 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"FEDORA\", value:\"2008-10162\");\n\n script_name(english:\"Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=470079\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6ee44dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, 
Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"gnutls-2.4.2-3.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "title": "Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2018-08-30T19:35:26"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:gnutls"], "cvelist": ["CVE-2008-4989"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "- Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain 
verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "b067d37a7b1a19f22da6aaed9384cef1278962b9648557e63914f31392c79eb0", "hashmap": [{"hash": "37f98fbb6e18b890d48ade62419b13a5", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ce2fdafa74d9c2ad6a3d5f56f69ff8da", "key": "description"}, {"hash": "fb6fd3602e42bfb6f3912faf4115e83f", "key": "cpe"}, {"hash": "ab846ba707fd9787771c8ea71f47be47", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55dc3a3fb872eb6f48ab81f74a2239e7", "key": "published"}, {"hash": "b22baca3eefc9172b517cd4103cf6701", "key": "references"}, {"hash": "c416722d5afd075b1481cda5afda35f7", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c30be2aa1fb78f98f4ff30ef2ce2692d", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "3c2b88dbc58358346a4db9255749e6af", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=62276", "id": "FEDORA_2008-10162.NASL", "lastseen": "2018-09-01T23:39:48", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "62276", "published": "2012-09-24T00:00:00", "references": ["http://www.nessus.org/u?c6ee44dc", "https://bugzilla.redhat.com/show_bug.cgi?id=470079"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# 
extracted from Fedora Security Advisory 2008-10162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62276);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:04 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"FEDORA\", value:\"2008-10162\");\n\n script_name(english:\"Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=470079\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6ee44dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"gnutls-2.4.2-3.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "title": "Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2018-09-01T23:39:48"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2008-4989"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "description": "- Tue Nov 11 2008 Tomas 
Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "999b6513007b19677072d14c8842f41cfd103d613aa6166fc388bbe833b4a2cb", "hashmap": [{"hash": "37f98fbb6e18b890d48ade62419b13a5", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "ce2fdafa74d9c2ad6a3d5f56f69ff8da", "key": "description"}, {"hash": "ab846ba707fd9787771c8ea71f47be47", "key": "title"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "55dc3a3fb872eb6f48ab81f74a2239e7", "key": "published"}, {"hash": "b22baca3eefc9172b517cd4103cf6701", "key": "references"}, {"hash": "c416722d5afd075b1481cda5afda35f7", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "c30be2aa1fb78f98f4ff30ef2ce2692d", "key": "pluginID"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "3c2b88dbc58358346a4db9255749e6af", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=62276", "id": "FEDORA_2008-10162.NASL", "lastseen": "2016-09-26T17:23:56", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "62276", "published": "2012-09-24T00:00:00", "references": ["http://www.nessus.org/u?c6ee44dc", "https://bugzilla.redhat.com/show_bug.cgi?id=470079"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were \n# extracted from Fedora Security Advisory 2008-10162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62276);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:04 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"FEDORA\", value:\"2008-10162\");\n\n script_name(english:\"Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=470079\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6ee44dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"gnutls-2.4.2-3.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "title": "Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:56"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "fb6fd3602e42bfb6f3912faf4115e83f"}, {"key": "cvelist", "hash": "37f98fbb6e18b890d48ade62419b13a5"}, 
{"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "d6f79050c97912ac333552f993f8f536"}, {"key": "href", "hash": "3c2b88dbc58358346a4db9255749e6af"}, {"key": "modified", "hash": "55c15b2ee014f410bc35a2ea45f82539"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "c30be2aa1fb78f98f4ff30ef2ce2692d"}, {"key": "published", "hash": "55dc3a3fb872eb6f48ab81f74a2239e7"}, {"key": "references", "hash": "b22baca3eefc9172b517cd4103cf6701"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "c416722d5afd075b1481cda5afda35f7"}, {"key": "title", "hash": "ab846ba707fd9787771c8ea71f47be47"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f706a81571f30a0de8b7c5b077c6b9adb3c37177dc02b1164cb0264edd86a95a", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4989"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0982"]}, {"type": "nessus", "idList": ["SUSE_11_0_GNUTLS-081204.NASL", "SL_20081111_GNUTLS_ON_SL5_X.NASL", "SUSE_GNUTLS-6073.NASL", "FREEBSD_PKG_45298931B3BF11DD80F8001CC0377035.NASL", "SLACKWARE_SSA_2008-315-01.NASL", "SUSE_11_1_GNUTLS-090313.NASL", "SUSE_GNUTLS-6079.NASL", "REDHAT-RHSA-2008-0982.NASL", "SUSE_11_GNUTLS-090317.NASL", "ORACLELINUX_ELSA-2008-0982.NASL"]}, {"type": "slackware", "idList": ["SSA-2008-315-01"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063392", "OPENVAS:830725", "OPENVAS:65886", "OPENVAS:1361412562310830670", "OPENVAS:1361412562310830725", "OPENVAS:63392", "OPENVAS:860874", "OPENVAS:136141256231063226", "OPENVAS:63226", "OPENVAS:63575"]}, {"type": "redhat", "idList": ["RHSA-2008:0982"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9432", "SECURITYVULNS:DOC:20862", "SECURITYVULNS:DOC:22354"]}, {"type": "freebsd", "idList": ["45298931-B3BF-11DD-80F8-001CC0377035"]}, {"type": "ubuntu", 
"idList": ["USN-678-2", "USN-678-1", "USN-809-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1719-1:E40DB", "DEBIAN:DSA-1719-2:D3BA5"]}, {"type": "seebug", "idList": ["SSV:4429"]}, {"type": "centos", "idList": ["CESA-2008:0982"]}, {"type": "gentoo", "idList": ["GLSA-200901-10"]}], "modified": "2019-01-16T20:14:50"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-10162.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62276);\n script_version(\"$Revision: 1.5 $\");\n script_cvs_date(\"$Date: 2015/10/21 22:04:04 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"FEDORA\", value:\"2008-10162\");\n\n script_name(english:\"Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Nov 11 2008 Tomas Mraz <tmraz at redhat.com> 2.4.2-3\n\n - fix chain verification issue CVE-2008-4989 (#470079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=470079\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-November/016558.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6ee44dc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"gnutls-2.4.2-3.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "62276", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:gnutls"]}
{"cve": [{"lastseen": "2018-10-12T11:33:48", "bulletinFamily": "NVD", "description": "The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).", "modified": "2018-10-11T16:53:12", "published": "2008-11-12T20:00:01", "id": "CVE-2008-4989", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4989", "title": "CVE-2008-4989", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2018-08-31T01:40:20", "bulletinFamily": "unix", "description": "[1.4.1-3.1]\n- fix chain verification issue CVE-2008-4989 (#470079)", "modified": "2008-11-11T00:00:00", "published": "2008-11-11T00:00:00", "id": "ELSA-2008-0982", "href": "http://linux.oracle.com/errata/ELSA-2008-0982.html", "title": "gnutls security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2019-01-16T20:09:29", "bulletinFamily": "scanner", "description": "gnutls did not properly verify x509 certificate chains. 
An attacker\ncould exploit that to trick client programs into trusting servers that\nwould normally get rejected (CVE-2008-4989).", "modified": "2014-06-13T00:00:00", "published": "2009-07-21T00:00:00", "id": "SUSE_11_0_GNUTLS-081204.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39972", "title": "openSUSE Security Update : gnutls (gnutls-358)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-358.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39972);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:38:13 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n\n script_name(english:\"openSUSE Security Update : gnutls (gnutls-358)\");\n script_summary(english:\"Check for the gnutls-358 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gnutls did not properly verify x509 certificate chains. 
An attacker\ncould exploit that to trick client programs into trusting servers that\nwould normally get rejected (CVE-2008-4989).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=441856\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || 
release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"gnutls-2.2.2-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libgnutls-devel-2.2.2-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libgnutls-extra-devel-2.2.2-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libgnutls-extra26-2.2.2-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libgnutls26-2.2.2-17.2\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.2.2-17.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / libgnutls-devel / libgnutls-extra-devel / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:14:13", "bulletinFamily": "scanner", "description": "Martin von Gagern discovered a flaw in the way GnuTLS verified\ncertificate chains provided by a server. A malicious server could use\nthis flaw to spoof its identity by tricking client applications using\nthe GnuTLS library to trust invalid certificates. 
(CVE-2008-4989)", "modified": "2019-01-07T00:00:00", "published": "2012-08-01T00:00:00", "id": "SL_20081111_GNUTLS_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60492", "title": "Scientific Linux Security Update : gnutls on SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60492);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-4989\");\n\n script_name(english:\"Scientific Linux Security Update : gnutls on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Martin von Gagern discovered a flaw in the way GnuTLS verified\ncertificate chains provided by a server. A malicious server could use\nthis flaw to spoof its identity by tricking client applications using\nthe GnuTLS library to trust invalid certificates. 
(CVE-2008-4989)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0811&L=scientific-linux-errata&T=0&P=938\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbfcdefa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gnutls, gnutls-devel and / or gnutls-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-1.4.1-3.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-devel-1.4.1-3.el5_2.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"gnutls-utils-1.4.1-3.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:16:30", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0982 :\n\nUpdated gnutls packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nMartin von Gagern discovered a flaw in the way GnuTLS verified\ncertificate chains provided 
by a server. A malicious server could use\nthis flaw to spoof its identity by tricking client applications using\nthe GnuTLS library to trust invalid certificates. (CVE-2008-4989)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain a backported patch that corrects this issue.", "modified": "2015-12-01T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2008-0982.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67768", "title": "Oracle Linux 5 : gnutls (ELSA-2008-0982)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0982 and \n# Oracle Linux Security Advisory ELSA-2008-0982 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67768);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:41:02 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"RHSA\", value:\"2008:0982\");\n\n script_name(english:\"Oracle Linux 5 : gnutls (ELSA-2008-0982)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0982 :\n\nUpdated gnutls packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nMartin von Gagern discovered a flaw in the way GnuTLS verified\ncertificate chains provided by a server. 
A malicious server could use\nthis flaw to spoof its identity by tricking client applications using\nthe GnuTLS library to trust invalid certificates. (CVE-2008-4989)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain a backported patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-November/000794.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle 
(?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-1.4.1-3.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-devel-1.4.1-3.el5_2.1\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"gnutls-utils-1.4.1-3.el5_2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:41", "bulletinFamily": "scanner", "description": "Updated gnutls packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nMartin von Gagern discovered a flaw in the way GnuTLS verified\ncertificate chains provided by a server. 
A malicious server could use\nthis flaw to spoof its identity by tricking client applications using\nthe GnuTLS library to trust invalid certificates. (CVE-2008-4989)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain a backported patch that corrects this issue.", "modified": "2018-11-27T00:00:00", "published": "2008-11-12T00:00:00", "id": "REDHAT-RHSA-2008-0982.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34752", "title": "RHEL 5 : gnutls (RHSA-2008:0982)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0982. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34752);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"RHSA\", value:\"2008:0982\");\n\n script_name(english:\"RHEL 5 : gnutls (RHSA-2008:0982)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnutls packages that fix a security issue are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe GnuTLS library provides support for cryptographic algorithms and\nfor protocols such as Transport Layer Security (TLS).\n\nMartin von Gagern discovered a flaw in the way GnuTLS verified\ncertificate chains provided by a server. A malicious server could use\nthis flaw to spoof its identity by tricking client applications using\nthe GnuTLS library to trust invalid certificates. 
(CVE-2008-4989)\n\nUsers of GnuTLS are advised to upgrade to these updated packages,\nwhich contain a backported patch that corrects this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0982\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gnutls, gnutls-devel and / or gnutls-utils\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnutls-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0982\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-1.4.1-3.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"gnutls-devel-1.4.1-3.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"gnutls-utils-1.4.1-3.el5_2.1\")) flag++;\n\n if 
(rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"gnutls-utils-1.4.1-3.el5_2.1\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"gnutls-utils-1.4.1-3.el5_2.1\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls / gnutls-devel / gnutls-utils\");\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:09:51", "bulletinFamily": "scanner", "description": "The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. \n\nThis update fixes this problem.", "modified": "2013-10-25T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE_11_GNUTLS-090317.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41398", "title": "SuSE 11 Security Update : GnuTLS (SAT Patch Number 632)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. 
The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41398);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2013/10/25 23:46:54 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n\n script_name(english:\"SuSE 11 Security Update : GnuTLS (SAT Patch Number 632)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. \n\nThis update fixes this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4989.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 632.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.\");\n 
script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gnutls-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"gnutls-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libgnutls26-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.16.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:09:54", "bulletinFamily": "scanner", "description": "The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. \n\nThis update fixes this problem.", "modified": "2012-05-17T00:00:00", "published": "2009-09-24T00:00:00", "id": "SUSE_GNUTLS-6073.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=41516", "title": "SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 6073)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(41516);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:46 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n\n script_name(english:\"SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 6073)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. 
\n\nThis update fixes this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4989.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6073.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"gnutls-1.2.10-13.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"gnutls-devel-1.2.10-13.15\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.15\")) flag++;\nif 
(rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"gnutls-1.2.10-13.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"gnutls-devel-1.2.10-13.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.15\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:40", "bulletinFamily": "scanner", "description": "New gnutls packages are available for Slackware 12.0, 12.1, and\n-current to fix a security issue. NOTE: The package for 12.0 has a\ndifferent shared library soname, and the packages for 12.1 and\n-current have an API/ABI change. Only the Pidgin package in Slackware\nlinks with GnuTLS, and upgraded Pidgin packages have also been made\navailable. However, if the updated GnuTLS package is installed any\nother custom-compiled software that uses GnuTLS may need to be\nrecompiled.", "modified": "2013-06-01T00:00:00", "published": "2008-11-11T00:00:00", "id": "SLACKWARE_SSA_2008-315-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34731", "title": "Slackware 12.0 / 12.1 / current : gnutls (SSA:2008-315-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-315-01. 
The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34731);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2013/06/01 00:40:50 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_xref(name:\"SSA\", value:\"2008-315-01\");\n\n script_name(english:\"Slackware 12.0 / 12.1 / current : gnutls (SSA:2008-315-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New gnutls packages are available for Slackware 12.0, 12.1, and\n-current to fix a security issue. NOTE: The package for 12.0 has a\ndifferent shared library soname, and the packages for 12.1 and\n-current have an API/ABI change. Only the Pidgin package in Slackware\nlinks with GnuTLS, and upgraded Pidgin packages have also been made\navailable. 
However, if the updated GnuTLS package is installed any\nother custom-compiled software that uses GnuTLS may need to be\nrecompiled.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.465317\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?96437e7b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif 
(\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"12.0\", pkgname:\"gnutls\", pkgver:\"2.6.1\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"gnutls\", pkgver:\"2.6.1\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"gnutls\", pkgver:\"2.6.1\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:08:41", "bulletinFamily": "scanner", "description": "SecurityFocus reports :\n\nGnuTLS is prone to a security-bypass vulnerability because the\napplication fails to properly validate chained X.509 certificates.\nSuccessfully exploiting this issue allows attackers to perform\nman-in-the-middle attacks by impersonating trusted servers.\nUnsuspecting users may be under a false sense of security that can aid\nattackers in launching further attacks.", "modified": "2018-11-10T00:00:00", "published": "2008-11-17T00:00:00", "id": "FREEBSD_PKG_45298931B3BF11DD80F8001CC0377035.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=34786", "title": "FreeBSD : gnutls -- X.509 certificate chain validation vulnerability (45298931-b3bf-11dd-80f8-001cc0377035)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted 
provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34786);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/10 11:49:41\");\n\n script_cve_id(\"CVE-2008-4989\");\n script_bugtraq_id(32232);\n\n script_name(english:\"FreeBSD : gnutls -- X.509 certificate chain validation vulnerability (45298931-b3bf-11dd-80f8-001cc0377035)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"SecurityFocus reports :\n\nGnuTLS is prone to a security-bypass vulnerability because the\napplication fails to properly validate chained X.509 certificates.\nSuccessfully exploiting this issue allows attackers to perform\nman-in-the-middle attacks by impersonating trusted servers.\nUnsuspecting users may be under a false sense of security that can aid\nattackers in launching further attacks.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.gnu.org/software/gnutls/security.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.gnu.org/archive/html/gnutls-devel/2008-11/msg00017.html\"\n );\n # https://vuxml.freebsd.org/freebsd/45298931-b3bf-11dd-80f8-001cc0377035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e231935e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gnutls<2.4.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:09:34", "bulletinFamily": "scanner", "description": "The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. 
\n\nThis update fixes this problem.", "modified": "2014-06-13T00:00:00", "published": "2009-07-21T00:00:00", "id": "SUSE_11_1_GNUTLS-090313.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40224", "title": "openSUSE Security Update : gnutls (gnutls-605)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-605.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40224);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2014/06/13 19:49:34 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n\n script_name(english:\"openSUSE Security Update : gnutls (gnutls-605)\");\n script_summary(english:\"Check for the gnutls-605 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. 
\n\nThis update fixes this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=457938\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") 
audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gnutls-2.4.1-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-devel-2.4.1-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra-devel-2.4.1-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra26-2.4.1-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls26-2.4.1-24.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-01-16T20:09:00", "bulletinFamily": "scanner", "description": "The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. 
\n\nThis update fixes this problem.", "modified": "2014-06-13T00:00:00", "published": "2009-04-21T00:00:00", "id": "SUSE_GNUTLS-6079.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=36201", "title": "openSUSE 10 Security Update : gnutls (gnutls-6079)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-6079.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36201);\n script_version (\"$Revision: 1.6 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:11:34 $\");\n\n script_cve_id(\"CVE-2008-4989\");\n\n script_name(english:\"openSUSE 10 Security Update : gnutls (gnutls-6079)\");\n script_summary(english:\"Check for the gnutls-6079 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The previous security fix for gnutls (CVE-2008-4989) introduced a\nregression in the X.509 validation code for self-signed certificates. 
\n\nThis update fixes this problem.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cwe_id(255);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", 
ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gnutls-1.6.1-36.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"gnutls-devel-1.6.1-36.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"gnutls-32bit-1.6.1-36.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.6.1-36.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "slackware": [{"lastseen": "2018-08-31T00:36:44", "bulletinFamily": "unix", "description": "New gnutls packages are available for Slackware 12.0, 12.1, and -current to\nfix a security issue.\n\nNOTE: The package for 12.0 has a different shared library soname, and the\npackages for 12.1 and -current have an API/ABI change. Only the Pidgin package\nin Slackware links with GnuTLS, and upgraded Pidgin packages have also been\nmade available. However, if the updated GnuTLS package is installed any other\ncustom-compiled software that uses GnuTLS may need to be recompiled.\n\nMore details about this issue will become available in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\npatches/packages/gnutls-2.6.1-i486-1_slack12.1.tgz:\n Upgraded to gnutls-2.6.1.\n From the gnutls-2.6.1 NEWS file:\n ** libgnutls: Fix X.509 certificate chain validation error.\n [GNUTLS-SA-2008-3] The flaw makes it possible for man in the middle\n attackers (i.e., active attackers) to assume any name and trick GNU TLS\n clients into trusting that name. 
Thanks for report and analysis from\n Martin von Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989\n IMPORTANT NOTE: This update modifies the API and ABI for the\n gnutls_pk_params_st function. Any software that uses the function will\n need to be recompiled.\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/gnutls-2.6.1-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/gnutls-2.6.1-i486-1_slack12.1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/gnutls-2.6.1-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 12.0 package:\nb2f8679618d7bca27161ee9e77e40be7 gnutls-2.6.1-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\nd71c4984aeb90571d57d55129913fa19 gnutls-2.6.1-i486-1_slack12.1.tgz\n\nSlackware -current package:\na8bb0f8f70b96135a69e3eba04122e7a gnutls-2.6.1-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gnutls-2.6.1-i486-1_slack12.1.tgz\n\nAlso install the new Pidgin package if you use it. 
Slackware 12.0 will\nrequire a recompile of any locally compiled GnuTLS linked packages.\nRecompiling locally compiled GnuTLS linked software is also recommended\nwith Slackware 12.1 and -current, although it is probable that a lot of\nsoftware would work without a recompile since only a single function\n(gnutls_pk_params_st) was changed.", "modified": "2008-11-10T19:18:27", "published": "2008-11-10T19:18:27", "id": "SSA-2008-315-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.465317", "title": "gnutls", "type": "slackware", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-04-06T11:40:47", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gnutls13\nannounced via advisory DSA 1719-1.", "modified": "2018-04-06T00:00:00", "published": "2009-02-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063392", "id": "OPENVAS:136141256231063392", "title": "Debian Security Advisory DSA 1719-1 (gnutls13)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1719_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1719-1 (gnutls13)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martin von Gagern discovered that GNUTLS, an implementation of the\nTLS/SSL protocol, handles verification of X.509 certificate chains\nincorrectly if a self-signed certificate is configured as a trusted\ncertificate. This could cause clients to accept forged server\ncertificates as genuine. (CVE-2008-4989)\n\nIn addition, this update tightens the checks for X.509v1 certificates\nwhich causes GNUTLS to reject certain certificate chains it accepted\nbefore. (In certificate chain processing, GNUTLS does not recognize\nX.509v1 certificates as valid unless explicitly requested by the\napplication.)\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.4-3+etch3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-3 of the gnutls26 package.\n\nWe recommend that you upgrade your gnutls13 packages.\";\ntag_summary = \"The remote host is missing an update to gnutls13\nannounced via advisory DSA 1719-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201719-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63392\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2008-4989\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1719-1 (gnutls13)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnutls-doc\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls13\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls13-dbg\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls-dev\", ver:\"1.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:03", "bulletinFamily": "scanner", "description": "Check for the Version of gnutls", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830725", "id": "OPENVAS:830725", "title": "Mandriva Update for gnutls MDVSA-2008:227 (gnutls)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnutls MDVSA-2008:227 (gnutls)\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up until\n 2.6.1 verified certificate chains provided by a server. 
A malicious\n server could use this flaw to spoof its identity by tricking client\n applications that used the GnuTLS library to trust invalid certificates\n (CVE-2008-4989).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"gnutls on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-11/msg00006.php\");\n script_id(830725);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:227\");\n script_cve_id(\"CVE-2008-4989\");\n script_name( \"Mandriva Update for gnutls MDVSA-2008:227 (gnutls)\");\n\n script_summary(\"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == 
\"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls13\", rpm:\"libgnutls13~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls13\", rpm:\"lib64gnutls13~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~1.1mdv2009.0\", 
rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-26T08:55:22", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gnutls\n gnutls-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-10-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=65886", "id": "OPENVAS:65886", "title": "SLES10: Security update for GnuTLS", "type": "openvas", "sourceData": "#\n#VID slesp2-gnutls-6073\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for GnuTLS\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n gnutls\n gnutls-devel\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(65886);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-13 18:25:40 +0200 (Tue, 13 Oct 2009)\");\n script_cve_id(\"CVE-2008-4989\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"SLES10: Security update for GnuTLS\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~1.2.10~13.15\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnutls-devel\", rpm:\"gnutls-devel~1.2.10~13.15\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:41:23", "bulletinFamily": "scanner", "description": "Check for the Version of gnutls", "modified": "2018-04-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830670", "id": "OPENVAS:1361412562310830670", "type": "openvas", "title": "Mandriva Update for gnutls MDVSA-2008:227-1 (gnutls)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnutls MDVSA-2008:227-1 (gnutls)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up until\n 2.6.1 verified certificate chains provided by a server. A malicious\n server could use this flaw to spoof its identity by tricking client\n applications that used the GnuTLS library to trust invalid certificates\n (CVE-2008-4989).\n\n Update:\n \n It was found that the previously-published patch to correct this\n issue caused a regression when dealing with self-signed certificates.\n An updated patch that fixes the security issue and resolves the\n regression issue has been applied to these packages.\";\n\ntag_affected = \"gnutls on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-11/msg00013.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830670\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:227-1\");\n script_cve_id(\"CVE-2008-4989\");\n 
script_name( \"Mandriva Update for gnutls MDVSA-2008:227-1 (gnutls)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.0.0~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls13\", rpm:\"libgnutls13~2.0.0~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.0.0~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls13\", rpm:\"lib64gnutls13~2.0.0~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.0.0~2.3mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.3.0~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.3.0~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.3.0~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.3.0~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.3.0~2.3mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~2.2mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-09T11:41:16", "bulletinFamily": "scanner", "description": "Check for the Version of gnutls", "modified": "2018-04-06T00:00:00", "published": 
"2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830725", "id": "OPENVAS:1361412562310830725", "title": "Mandriva Update for gnutls MDVSA-2008:227 (gnutls)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for gnutls MDVSA-2008:227 (gnutls)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until\n 2.6.1 verified certificate chains provided by a server. 
A malicious\n server could use this flaw to spoof its identity by tricking client\n applications that used the GnuTLS library to trust invalid certificates\n (CVE-2008-4989).\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"gnutls on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-11/msg00006.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830725\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"MDVSA\", value: \"2008:227\");\n script_cve_id(\"CVE-2008-4989\");\n script_name( \"Mandriva Update for gnutls MDVSA-2008:227 (gnutls)\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = 
\"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls13\", rpm:\"libgnutls13~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls13\", rpm:\"lib64gnutls13~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.0.0~2.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.3.0~2.2mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls26\", rpm:\"libgnutls26~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libgnutls-devel\", rpm:\"libgnutls-devel~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls26\", rpm:\"lib64gnutls26~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64gnutls-devel\", rpm:\"lib64gnutls-devel~2.4.1~1.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:57:16", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gnutls13\nannounced via advisory DSA 1719-1.", "modified": "2017-07-07T00:00:00", "published": "2009-02-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63392", "id": "OPENVAS:63392", "title": "Debian Security Advisory DSA 1719-1 (gnutls13)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1719_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1719-1 (gnutls13)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Martin von Gagern discovered that GNUTLS, an implementation of the\nTLS/SSL protocol, handles verification of X.509 certificate chains\nincorrectly if a self-signed certificate is configured as a trusted\ncertificate. This could cause clients to accept forged server\ncertificates as genuine. (CVE-2008-4989)\n\nIn addition, this update tightens the checks for X.509v1 certificates\nwhich causes GNUTLS to reject certain certificate chains it accepted\nbefore. 
(In certificate chain processing, GNUTLS does not recognize\nX.509v1 certificates as valid unless explicitly requested by the\napplication.)\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.4-3+etch3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-3 of the gnutls26 package.\n\nWe recommend that you upgrade your gnutls13 packages.\";\ntag_summary = \"The remote host is missing an update to gnutls13\nannounced via advisory DSA 1719-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201719-1\";\n\n\nif(description)\n{\n script_id(63392);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2008-4989\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1719-1 (gnutls13)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnutls-doc\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls13\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls13-dbg\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls-dev\", ver:\"1.4.4-3+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"1.4.4-3+etch3\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:57:11", "bulletinFamily": "scanner", "description": "Check for the Version of gnutls", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860874", "id": "OPENVAS:860874", "title": "Fedora Update for gnutls FEDORA-2008-10000", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2008-10000\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 
2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnutls on Fedora 10\";\ntag_insight = \"GnuTLS is a project that aims to develop a library which provides a secure\n layer, over a reliable transport layer. 
Currently the GnuTLS library implements\n the proposed standards by the IETF's TLS working group.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00691.html\");\n script_id(860874);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 14:16:57 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2008-10000\");\n script_cve_id(\"CVE-2008-4989\");\n script_name( \"Fedora Update for gnutls FEDORA-2008-10000\");\n\n script_summary(\"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC10\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.4.2~3.fc10\", rls:\"FC10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:25", 
"bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-20T00:00:00", "published": "2008-11-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=61872", "id": "OPENVAS:61872", "title": "FreeBSD Ports: gnutls", "type": "openvas", "sourceData": "#\n#VID 45298931-b3bf-11dd-80f8-001cc0377035\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 45298931-b3bf-11dd-80f8-001cc0377035\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: gnutls\n\nCVE-2008-4989\nThe _gnutls_x509_verify_certificate function in lib/x509/verify.c in\nlibgnutls in GnuTLS before 2.6.1 trusts certificate chains in which\nthe last certificate is an arbitrary trusted, self-signed certificate,\nwhich allows man-in-the-middle attackers to insert a spoofed\ncertificate for any Distinguished Name (DN).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.gnu.org/software/gnutls/security.html\nhttp://lists.gnu.org/archive/html/gnutls-devel/2008-11/msg00017.html\nhttp://www.vuxml.org/freebsd/45298931-b3bf-11dd-80f8-001cc0377035.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(61872);\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-19 16:52:57 +0100 (Wed, 19 Nov 2008)\");\n script_cve_id(\"CVE-2008-4989\");\n script_bugtraq_id(32232);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: gnutls\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gnutls\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.4.2\")<0) {\n txt += 'Package gnutls version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:02", "bulletinFamily": "scanner", "description": "Check for the Version of GNU Transport Layer Security Library", "modified": "2017-02-20T00:00:00", "published": "2009-09-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=855652", "id": "OPENVAS:855652", "title": "Solaris Update for GNU Transport Layer Security Library 123939-02", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Solaris Update for GNU Transport Layer Security Library 123939-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that 
it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_affected = \"GNU Transport Layer Security Library on solaris_5.10_x86\";\ntag_insight = \"The remote host is missing a patch containing a security fix,\n which affects the following component(s): \n GNU Transport Layer Security Library\n For more information please visit the below reference link.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(855652);\n script_version(\"$Revision: 5359 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 12:20:19 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-23 10:48:35 +0200 (Wed, 23 Sep 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"SUNSolve\", value: \"123939-02\");\n script_cve_id(\"CVE-2008-4989\");\n script_name(\"Solaris Update for GNU Transport Layer Security Library 123939-02\");\n\n script_xref(name : \"URL\" , value : \"http://sunsolve.sun.com/search/document.do?assetkey=1-21-123939-02-1\");\n\n script_summary(\"Check for the Version of GNU Transport Layer Security Library\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Solaris Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/solosversion\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : 
\"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"solaris.inc\");\n\nrelease = get_kb_item(\"ssh/login/solosversion\");\n\nif(release == NULL){\n exit(0);\n}\n\nif(solaris_check_patch(release:\"5.10\", arch:\"i386\", patch:\"123939-02\", package:\"SUNWgnutls\") < 0)\n{\n security_message(0);\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:39", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gnutls13, gnutls26\nannounced via advisory DSA 1719-2.", "modified": "2018-04-06T00:00:00", "published": "2009-03-20T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063575", "id": "OPENVAS:136141256231063575", "title": "Debian Security Advisory DSA 1719-2 (gnutls13, gnutls26)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1719_2.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1719-2 (gnutls13, gnutls26)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Changes in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as\nCA root certificates by default, as originally described in the\ndocumentation. However, it turned out that there is still significant\nuse of historic X.509v1 CA root certificates, so this constitutes an\nunacceptable regression. This update reverses this part of the\nchanges in DSA-1719-1. Note that the X.509v1 certificate format does\nnot distinguish between server and CA certificates, which means that\nan X.509v1 server certificates is implicitly converted into a CA\ncertificate when added to the trust store (which was the reason for\nthe change in DSA-1719-1).\n\nThe current stable distribution (lenny) was released with the changes\nin DSA-1719-1 already applied, and this update reverses the changes\nconcerning X.509v1 CA certificates for this distribution, too.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4-3+etch4.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.2-6+lenny1.\n\nWe recommend that you upgrade your GNUTLS packages.\";\ntag_summary = \"The remote host is missing an update to gnutls13, gnutls26\nannounced via advisory DSA 1719-2.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201719-2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63575\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-20 00:52:38 +0100 (Fri, 20 Mar 2009)\");\n script_cve_id(\"CVE-2008-4989\");\n 
script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1719-2 (gnutls13, gnutls26)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnutls-doc\", ver:\"1.4.4-3+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls-dev\", ver:\"1.4.4-3+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls13\", ver:\"1.4.4-3+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"1.4.4-3+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls13-dbg\", ver:\"1.4.4-3+etch4\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnutls-doc\", ver:\"2.4.2-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls-dev\", ver:\"2.4.2-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgnutls26\", ver:\"2.4.2-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gnutls-bin\", ver:\"2.4.2-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libgnutls26-dbg\", ver:\"2.4.2-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"guile-gnutls\", ver:\"2.4.2-6+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:31", "bulletinFamily": "unix", "description": "\nSecurityFocus reports:\n\nGnuTLS is prone to a security-bypass vulnerability because the\n\t application fails to properly validate chained X.509 certificates.\n\t Successfully exploiting this issue allows attackers to perform\n\t man-in-the-middle attacks by impersonating trusted servers.\n\t Unsuspecting users may be under a false sense of security that can\n\t aid attackers in launching further attacks.\n\n", "modified": "2008-11-10T00:00:00", "published": "2008-11-10T00:00:00", "id": "45298931-B3BF-11DD-80F8-001CC0377035", "href": "https://vuxml.freebsd.org/freebsd/45298931-b3bf-11dd-80f8-001cc0377035.html", "title": "gnutls -- X.509 certificate chain validation vulnerability", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:30", "bulletinFamily": "unix", "description": "USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMartin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. 
(CVE-2008-4989)", "modified": "2008-12-10T00:00:00", "published": "2008-12-10T00:00:00", "id": "USN-678-2", "href": "https://usn.ubuntu.com/678-2/", "title": "GnuTLS regression", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:08:56", "bulletinFamily": "unix", "description": "Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)", "modified": "2008-11-26T00:00:00", "published": "2008-11-26T00:00:00", "id": "USN-678-1", "href": "https://usn.ubuntu.com/678-1/", "title": "GnuTLS vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T00:09:57", "bulletinFamily": "unix", "description": "Moxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did not properly handle certificates with NULL characters in the certificate name. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2009-2730)\n\nDan Kaminsky discovered GnuTLS would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This issue only affected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409)\n\nUSN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The upstream patches introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu 8.04 LTS and 9.04 were fixed at an earlier date). 
In an effort to maintain a strong security stance and address all known regressions, this update deprecates X.509 validation chains using MD2 and MD5 signatures. To accommodate sites which must still use a deprecated RSA-MD5 certificate, GnuTLS has been updated to stop looking when it has found a trusted intermediary certificate. This new handling of intermediary certificates is in accordance with other SSL implementations.\n\nOriginal advisory details:\n\nMartin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)", "modified": "2009-08-19T00:00:00", "published": "2009-08-19T00:00:00", "id": "USN-809-1", "href": "https://usn.ubuntu.com/809-1/", "title": "GnuTLS vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:13:08", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1719-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 10, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : gnutls13\nVulnerability : design flaw\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-4989\nDebian Bug : 505360\n\nMartin von Gagern discovered that GNUTLS, an implementation of the\nTLS/SSL protocol, handles verification of X.509 certificate chains\nincorrectly if a self-signed certificate is configured as a trusted\ncertificate. This could cause clients to accept forged server\ncertificates as genuine. 
(CVE-2008-4989)\n\nIn addition, this update tightens the checks for X.509v1 certificates\nwhich causes GNUTLS to reject certain certificate chains it accepted\nbefore. (In certificate chain processing, GNUTLS does not recognize\nX.509v1 certificates as valid unless explicitly requested by the\napplication.)\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 1.4.4-3+etch3.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.4.2-3 of the gnutls26 package.\n\nWe recommend that you upgrade your gnutls13 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch2.dsc\n Size/MD5 checksum: 967 97d676fb2a9de5a2706da79baf5fc53f\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch3.diff.gz\n Size/MD5 checksum: 20931 d1f9a5483e2ff3b6f799f14cc90e0ba4\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz\n Size/MD5 checksum: 4752009 c06ada020e2b69caa51833175d59f8b2\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch2.diff.gz\n Size/MD5 checksum: 19550 d362897a57e2bac2f059413ea29540be\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch3.dsc\n Size/MD5 checksum: 967 c523874d91b1d19b0a59c6d51ada21e6\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch2_all.deb\n Size/MD5 checksum: 
2315360 2892fedc83604472a40cb9e16b64fad2\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch3_all.deb\n Size/MD5 checksum: 2315508 9fe5532897a55d3f8b2954a7294920e1\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 328102 19e0618dac4d13a9d284019365ef07f9\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_alpha.deb\n Size/MD5 checksum: 547328 0fc6cb94c0a9b65067fc17e0db0e4e7c\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_alpha.deb\n Size/MD5 checksum: 523950 a149137fe64abc4b7e33d66e1345b9c0\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 524034 0d510406095b7f9bf9dd06b74502c94a\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_alpha.deb\n Size/MD5 checksum: 327990 8b39649670392f353c183032aab1040b\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 547418 fd17990e04770d7447e6fd136cb0f726\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_alpha.deb\n Size/MD5 checksum: 196336 a2385c40d8118a84442449d7720d4437\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_alpha.deb\n Size/MD5 checksum: 196416 9b570f6739f2071ef8e857f897b0fe73\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 314678 9a2fca4364ab01e77da051e1c637cace\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_amd64.deb\n Size/MD5 checksum: 538540 9bad40a6891bacf73ab92d492946439e\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_amd64.deb\n Size/MD5 checksum: 183432 04c381e380452347c0b8c866cd32a0d1\n 
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_amd64.deb\n Size/MD5 checksum: 314542 bd3466107c5a3e81bae9fc6ce16b3f07\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 389192 7e1f1ee9b50dbe59303ee92d06d638f9\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 183526 deb90128a086f94d4213ae8d0ebb2aac\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_amd64.deb\n Size/MD5 checksum: 389078 937898ee8ebfbb6c96ec327182aa66c9\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_amd64.deb\n Size/MD5 checksum: 538694 30f0f5f5236de80b969ab142003facda\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 355130 d314daec4d8653d21f5aa755b133ce44\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_arm.deb\n Size/MD5 checksum: 169734 a0760138aa40ef409bebc45f21482fa6\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 283218 86a51ac92283cf4d41f8b80e208d3ea0\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_arm.deb\n Size/MD5 checksum: 283146 490e93a8fb47792bab27befcfaba59c4\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_arm.deb\n Size/MD5 checksum: 510986 734ae4e95a95858b98a9aadf3df89e27\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_arm.deb\n Size/MD5 checksum: 355034 d2fad7c1fa481c311272a033a1632baa\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_arm.deb\n Size/MD5 checksum: 511146 020e108874b330b04d28cbf111e1cb3c\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_arm.deb\n Size/MD5 
checksum: 169790 d7904cea32e23dcd2abe3c8078029f24\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_hppa.deb\n Size/MD5 checksum: 435274 a50a1b0396725750c7f9b18f42ed59df\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_hppa.deb\n Size/MD5 checksum: 521900 81a5514ae8b882945c9d86260a985075\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_hppa.deb\n Size/MD5 checksum: 312696 9b01cc660ec19e94365cfe9485e69504\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_hppa.deb\n Size/MD5 checksum: 435428 b9b85897a5fa12e6145e44f1d811faf7\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_hppa.deb\n Size/MD5 checksum: 184434 3fe517f3ae76a0bb39ef2112259ee533\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_hppa.deb\n Size/MD5 checksum: 312786 7bf4a07c716180831b812024f9dc2bed\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_hppa.deb\n Size/MD5 checksum: 521782 ec2e351f911c06d10a906e35e87b17d8\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_hppa.deb\n Size/MD5 checksum: 184514 4a4436b484d0809e458fccd777af41a9\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 525932 03fdffd511056bb48f00fd29a7ff0994\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 282696 8e5d7e93c2bcd0e5b1c11b2bb76febc1\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_i386.deb\n Size/MD5 checksum: 171836 c7de8edce99f98a92597328a828306f4\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 359008 b2d4fb0470fb4933e9d7f7e4d365fade\n 
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_i386.deb\n Size/MD5 checksum: 358910 d3784c1606616b1053afe805e466d351\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_i386.deb\n Size/MD5 checksum: 282576 089b077a2856c2eb240d8ec91e34da98\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_i386.deb\n Size/MD5 checksum: 525814 236abc7e944de62b1c63ac2752df59d5\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_i386.deb\n Size/MD5 checksum: 171916 2c30fca77e49ece3c874923597113e84\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 229224 a8b557d93ac98d96b69e83a1ab0abe60\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_ia64.deb\n Size/MD5 checksum: 550142 eca44ae7ad3a622ae835bad66076bb44\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 528174 cb2e8a474b0f616ebdb4f7c70884a68b\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_ia64.deb\n Size/MD5 checksum: 229130 48c1beb6eec250eb2ef18978cb7002a7\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 394824 b83e917ffa852e371713c05eed6bb2ea\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_ia64.deb\n Size/MD5 checksum: 528024 4911b942fdb28257ce5404e0db59bf8f\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_ia64.deb\n Size/MD5 checksum: 550282 bb35e15bed0cd0a002c09c2a33f204e3\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_ia64.deb\n Size/MD5 checksum: 394664 83b0fb175ce0a9228ae66a1c2c20087d\n\nmips architecture (MIPS (Big Endian))\n\n 
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 278098 839af8690670ae34de6ec1c4ecb2a11d\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_mips.deb\n Size/MD5 checksum: 417930 09a97882ea70cea64f7ab518f872d0d4\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_mips.deb\n Size/MD5 checksum: 181744 14f8d0bcae552215223083475fc102ff\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_mips.deb\n Size/MD5 checksum: 277980 176ba4c110568718f5310ebd88c0fad2\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 181844 1063e31ebfce35d017cc2f52f43e7988\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_mips.deb\n Size/MD5 checksum: 552678 75998b98481a61f619a59fdcb195e92a\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 418000 6de735e5e2f89169cff80b7c88124d7c\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_mips.deb\n Size/MD5 checksum: 552848 e7a3675995e3f76753683bd56559c097\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 277818 23b61680ae1ebd6e8352efd69369a54d\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 541908 5ce5c90c1938eab0e66df230cb92b99f\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_mipsel.deb\n Size/MD5 checksum: 541770 b1a12727513f82602064e9d9d0238d4e\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 182774 ebde66ae73e094da31b94a72b4214591\n 
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_mipsel.deb\n Size/MD5 checksum: 182702 5bc323ab598389c3e074f28b54d84b84\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_mipsel.deb\n Size/MD5 checksum: 277736 582f2204399dfecd750f9f93a3f395d1\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_mipsel.deb\n Size/MD5 checksum: 417036 d94700c36580f967644d95de26672633\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_mipsel.deb\n Size/MD5 checksum: 417180 6e5c825f8843d10a312a791b7bb7e1cf\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_powerpc.deb\n Size/MD5 checksum: 184590 c5a0ea676820713de26aec86ade8c61b\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 184672 f8dc6ea415ba64b863f54c83eb948f4d\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_powerpc.deb\n Size/MD5 checksum: 388752 c1a798145290881a103431c0e61b89b5\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_powerpc.deb\n Size/MD5 checksum: 538638 e78c7fd529dc9b84834d868d6d3abdbf\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 288958 78c75eed0f9943eebd81c197381dbf5c\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 538788 5435fb5147d931b8386eacc607a23dfc\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_powerpc.deb\n Size/MD5 checksum: 288854 73dd971eb95f10766b75938e531b850f\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_powerpc.deb\n Size/MD5 checksum: 388886 9b17d971390abcda56a1dae375bb57f8\n\ns390 architecture (IBM S/390)\n\n 
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 311694 6249eb1de5c7350957867560879ab144\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 184588 6350de7268b17a8698ff11f5054c6e4a\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_s390.deb\n Size/MD5 checksum: 537386 f2daa306f4815cfc6e147b89b2c9f836\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_s390.deb\n Size/MD5 checksum: 380158 1e7bdd0dd3de68c319a38071814bcf25\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 537530 9c94d38e0969a1a3ade7340623de07c0\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_s390.deb\n Size/MD5 checksum: 380300 2761ba52e1fb0b7e8f899b5c24121159\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_s390.deb\n Size/MD5 checksum: 311354 7a314e4d02c883e281f4eafe25f04d31\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_s390.deb\n Size/MD5 checksum: 184510 05b634e19e7e85d994d5625dda5e6c52\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 378986 3b732e25a6bcd5c2300af4820553516f\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch2_sparc.deb\n Size/MD5 checksum: 169598 34390667473c6d12097ede5c2c3c3610\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch2_sparc.deb\n Size/MD5 checksum: 271000 1c5024b2fd07ef8c98276afa17fac00b\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 169682 58c18c588e2e09bb97ace63713a8accf\n 
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch2_sparc.deb\n Size/MD5 checksum: 378848 1d86c8b4356b8be1cb6a31620469bada\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch2_sparc.deb\n Size/MD5 checksum: 491096 672ae9d75e0071ced67518ee05ae3733\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 271146 74514dfa3c95b1afe4388cc31bc4cba5\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch3_sparc.deb\n Size/MD5 checksum: 491162 0dbc5d0426b64b4abff5acdabb2c42f0\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-02-10T07:01:02", "published": "2009-02-10T07:01:02", "id": "DEBIAN:DSA-1719-1:E40DB", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00028.html", "title": "[SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-10-16T22:14:53", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1719-2 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nFebruary 28, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : gnutls13, gnutls26\nVulnerability : design flaw\nProblem type : remote\nDebian-specific: no\nCVE Id(s) 
: CVE-2008-4989\nDebian Bug : 505360\n\nChanges in DSA-1719-1 caused GNUTLS to reject X.509v1 certificates as\nCA root certificates by default, as originally described in the\ndocumentation. However, it turned out that there is still significant\nuse of historic X.509v1 CA root certificates, so this constitutes an\nunacceptable regression. This update reverses this part of the\nchanges in DSA-1719-1. Note that the X.509v1 certificate format does\nnot distinguish between server and CA certificates, which means that\nan X.509v1 server certificates is implicitly converted into a CA\ncertificate when added to the trust store (which was the reason for\nthe change in DSA-1719-1).\n\nThe current stable distribution (lenny) was released with the changes\nin DSA-1719-1 already applied, and this update reverses the changes\nconcerning X.509v1 CA certificates for this distribution, too.\n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.4.4-3+etch4.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.4.2-6+lenny1.\n\nWe recommend that you upgrade your GNUTLS packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4.orig.tar.gz\n Size/MD5 checksum: 4752009 c06ada020e2b69caa51833175d59f8b2\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch4.diff.gz\n Size/MD5 checksum: 21337 fd8b423c5f4a11af2c60eda979df9b00\n 
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls13_1.4.4-3+etch4.dsc\n Size/MD5 checksum: 1259 229287edc239349b5014f2d31890912a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-doc_1.4.4-3+etch4_all.deb\n Size/MD5 checksum: 2305134 4809b5a15fa8554dbf0cc7331ed0128a\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_amd64.deb\n Size/MD5 checksum: 389308 c6aa74857be44068f4e0d1f1322e30af\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_amd64.deb\n Size/MD5 checksum: 314864 9ea77f3b9e6fb21d899786f0f14d714c\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_amd64.deb\n Size/MD5 checksum: 183034 8e1dae14f9ea57b112fe260b1b0d4133\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_amd64.deb\n Size/MD5 checksum: 539598 223f5f50236b96400405a7c2ea4af3b9\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_arm.deb\n Size/MD5 checksum: 353164 9f47a15eb353836c9f02bc7621c8ee2f\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_arm.deb\n Size/MD5 checksum: 281742 977162dcbafd9a88bb5715d1295c7cab\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_arm.deb\n Size/MD5 checksum: 509214 d64fac5c2a6aeaaf47ae8aa0f99aa841\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_arm.deb\n Size/MD5 checksum: 169820 ace0fc294e2f61d61a163ebf6ea98af9\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_i386.deb\n Size/MD5 checksum: 525750 944d1f780c8ea773d8d01d1839d0f8cd\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_i386.deb\n Size/MD5 checksum: 281910 5b2168a10c343bb48d7ff6b063f90b26\n 
http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_i386.deb\n Size/MD5 checksum: 173350 5cd3104555a852ed354265c3d4921924\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_i386.deb\n Size/MD5 checksum: 359610 8ca01d76b60baa1164782aacfa7f12da\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_ia64.deb\n Size/MD5 checksum: 229280 3de3e4fad552e820d9b62b4a161b6807\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_ia64.deb\n Size/MD5 checksum: 550354 c66467b0a8ea04ff8695f0f51dc23fa0\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_ia64.deb\n Size/MD5 checksum: 394816 c7e52cfc951d1395eafc88d600be8082\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_ia64.deb\n Size/MD5 checksum: 528264 0c5a00e683ed44c8e70bd7788fa544f3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_mips.deb\n Size/MD5 checksum: 418556 517105132650631d491e16951f50f4ea\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_mips.deb\n Size/MD5 checksum: 182930 1dd9d1855f0a76002afa0283859be901\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_mips.deb\n Size/MD5 checksum: 279350 ad784dd6ef0a0225c3cb05a123899109\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_mips.deb\n Size/MD5 checksum: 553722 8775869e9a8c161ac775484fb4266412\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_mipsel.deb\n Size/MD5 checksum: 277854 c918ae14c6f090db47d8524bb960da86\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_mipsel.deb\n Size/MD5 checksum: 182814 2fac3eef97e8d358133428efc41be2a8\n 
http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_mipsel.deb\n Size/MD5 checksum: 417234 9bf2baa3edb0f726eb712182c76255d8\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_mipsel.deb\n Size/MD5 checksum: 542104 c332743916f758cd9ab65ac0d6acf835\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_powerpc.deb\n Size/MD5 checksum: 184706 6ab0e02d76e0e399379601cd8017ee5a\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_powerpc.deb\n Size/MD5 checksum: 538836 d6c1e636a1cfebfa39013abc8f7de22a\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_powerpc.deb\n Size/MD5 checksum: 289006 3a5f173773e21f77e5c361c7c83cad95\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_powerpc.deb\n Size/MD5 checksum: 388930 e784341c5933f4bd1e6e6ebd07f6fee4\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_s390.deb\n Size/MD5 checksum: 184614 c7587959cdf1216f4bdea48a9a637152\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_s390.deb\n Size/MD5 checksum: 311684 f5716c1530abed02d290464f7cada72c\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_s390.deb\n Size/MD5 checksum: 537542 4fadf059fb5875cc990de83a79a1b7a3\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_s390.deb\n Size/MD5 checksum: 380358 8bc9700e54e895947bc4ee2b399dfee3\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13-dbg_1.4.4-3+etch4_sparc.deb\n Size/MD5 checksum: 491496 e24ea4ca4cbc14f35791523c4f955932\n http://security.debian.org/pool/updates/main/g/gnutls13/gnutls-bin_1.4.4-3+etch4_sparc.deb\n Size/MD5 checksum: 169438 
c872e4a810ab75450b90c79e3ea7fe3f\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls13_1.4.4-3+etch4_sparc.deb\n Size/MD5 checksum: 271296 7fe33d25598be79b4bd58d5ea5e0258f\n http://security.debian.org/pool/updates/main/g/gnutls13/libgnutls-dev_1.4.4-3+etch4_sparc.deb\n Size/MD5 checksum: 380138 10c4452d13237bda8e15c5ee5be878c6\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny1.diff.gz\n Size/MD5 checksum: 20298 e6bb02c6522cf6b6842e0b38c633a087\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2-6+lenny1.dsc\n Size/MD5 checksum: 1904 3410a16fe6f7dcce25f1c55946357dc6\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz\n Size/MD5 checksum: 5984345 8fea7c57f4badcafcd31eb0f981f169a\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-doc_2.4.2-6+lenny1_all.deb\n Size/MD5 checksum: 2751582 9c920495e79d03f377d96ed94915a378\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_alpha.deb\n Size/MD5 checksum: 746956 6ba68bc991abcd886314ca52fb301f0d\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_alpha.deb\n Size/MD5 checksum: 516830 6db84226b03e84bdd6e143b9c372f6ff\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_alpha.deb\n Size/MD5 checksum: 301862 13e22f528ab7a5f196111d187889e8d7\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_alpha.deb\n Size/MD5 checksum: 1141862 fc33865426c76c54994c076aa4dc55ec\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_alpha.deb\n Size/MD5 checksum: 217774 aa5c315542532f504fa0f40e6756d3ee\n\namd64 architecture (AMD x86_64 (AMD64))\n\n 
http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_amd64.deb\n Size/MD5 checksum: 285624 48f7e580aed0f99e92eeee384c97cc21\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_amd64.deb\n Size/MD5 checksum: 215802 2ed45e368aabeb938f90fee4b3cf4668\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_amd64.deb\n Size/MD5 checksum: 1136770 db82f80deb858958e98ff3fd1422dd2c\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_amd64.deb\n Size/MD5 checksum: 586148 c95ef6b6b2af28fc7a8bfebe60703092\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_amd64.deb\n Size/MD5 checksum: 505908 e560d1c33d60f9b8c9748d6f70a2ccbc\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_arm.deb\n Size/MD5 checksum: 527790 87252e8649cdf5f317a3ac193c68c70d\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_arm.deb\n Size/MD5 checksum: 269682 250998601126d1a5ae82be7db086a0f7\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_arm.deb\n Size/MD5 checksum: 1070766 59d90bba4d2287794ed753021ecbbf02\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_arm.deb\n Size/MD5 checksum: 445782 e31938233bab678b943a3f4c2dd1ea56\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_arm.deb\n Size/MD5 checksum: 206486 4b388bbcc3c79008786c8aac9c387376\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_armel.deb\n Size/MD5 checksum: 206812 1f067f477dd0408255ee75810107c8c0\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_armel.deb\n Size/MD5 checksum: 452356 908efc56e9b571d0f2ba965566924064\n 
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_armel.deb\n Size/MD5 checksum: 1076694 25ddb450f16240a9ef522b9cf8e0b176\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_armel.deb\n Size/MD5 checksum: 530178 e314774bf8163d3ab38693798eba8718\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_armel.deb\n Size/MD5 checksum: 271192 6fe14120a5ecf84cce73420a58306f3f\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_i386.deb\n Size/MD5 checksum: 1093972 e84fc62e663d53231d7238b97a75cb2e\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_i386.deb\n Size/MD5 checksum: 538250 f68cc41f9e9b90901a5e8e73ae83de68\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_i386.deb\n Size/MD5 checksum: 457306 2b4ce30e59d0d9f0924ca5952cd03035\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_i386.deb\n Size/MD5 checksum: 211152 87efd0f0aec95b071881f3e3540c3afa\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_i386.deb\n Size/MD5 checksum: 270274 61bad9c03e790afb18e4a938cbe2446f\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_ia64.deb\n Size/MD5 checksum: 782620 95712b24bb1114caa021729297664601\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_ia64.deb\n Size/MD5 checksum: 933118 ba4cf6d4ccbb1701f30f3a875a77615a\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_ia64.deb\n Size/MD5 checksum: 341822 553a30423b78eb84b76168e825b13bea\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_ia64.deb\n Size/MD5 checksum: 607420 29f719a5c0fee969d968753bdd17d92d\n\nmips architecture (MIPS (Big Endian))\n\n 
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_mips.deb\n Size/MD5 checksum: 450090 9e8b0b237b372fb9564367513b5f6ffb\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_mips.deb\n Size/MD5 checksum: 204034 9bb1b622aa462a4db4e2f1472a507bd0\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_mips.deb\n Size/MD5 checksum: 611794 1d9e8fec47f7a68b64d57c4d67a8dfa9\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_mips.deb\n Size/MD5 checksum: 1155814 6dd48f5c93110588df75719fe1da4d99\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_mips.deb\n Size/MD5 checksum: 277060 ed80ff11b8463272c89d70efa295b8bb\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_mipsel.deb\n Size/MD5 checksum: 276744 b6b3ccdfa730e35c4feda7a0787ece43\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_mipsel.deb\n Size/MD5 checksum: 1134448 4a3265f360fafa7454e5377091efff7d\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_mipsel.deb\n Size/MD5 checksum: 608204 255d5a1d3e84c596ba4f5cf9debfb8a6\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_mipsel.deb\n Size/MD5 checksum: 203572 c06441ed377c6e1c4baf8c73bdfc4baf\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_mipsel.deb\n Size/MD5 checksum: 447520 dd41ed0007cb4e3385746f0e289532a4\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_powerpc.deb\n Size/MD5 checksum: 487814 01f1da9942a0e77ac35d39566a22771a\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_powerpc.deb\n Size/MD5 checksum: 218270 62e9e476659217bb4028bd9a87b19047\n 
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_powerpc.deb\n Size/MD5 checksum: 1134278 4f8242f3dae43f6f9211857739775b01\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_powerpc.deb\n Size/MD5 checksum: 305018 b91fd4b4f92b83f70c9e7d6c578d3353\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_powerpc.deb\n Size/MD5 checksum: 578388 ccb884fa2239186f1e71f6dc07c409fc\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_s390.deb\n Size/MD5 checksum: 566204 e62bf4f8d31b18a1b8c8342e19bc3ad2\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_s390.deb\n Size/MD5 checksum: 289806 e51ed7c4ff9f68882f4a15fcdca96071\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_s390.deb\n Size/MD5 checksum: 1130046 a1ac3b9c196f7e75bc289a3b22f493d2\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_s390.deb\n Size/MD5 checksum: 216206 1ce8f67ca2b9f739394f10724f420923\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_s390.deb\n Size/MD5 checksum: 495762 5455f27aaaeba4f915c926a30cab67b7\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/g/gnutls26/gnutls-bin_2.4.2-6+lenny1_sparc.deb\n Size/MD5 checksum: 275976 36ce4af3d5cc465dbde5f5a2aae79412\n http://security.debian.org/pool/updates/main/g/gnutls26/guile-gnutls_2.4.2-6+lenny1_sparc.deb\n Size/MD5 checksum: 209024 fa624b91e2aaace19fd3e8811c58db93\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls-dev_2.4.2-6+lenny1_sparc.deb\n Size/MD5 checksum: 555742 73d68d4ca103be6606211447453d7c1f\n http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26_2.4.2-6+lenny1_sparc.deb\n Size/MD5 checksum: 437112 afcefdffc5735c5e3c7560e18b0cf993\n 
http://security.debian.org/pool/updates/main/g/gnutls26/libgnutls26-dbg_2.4.2-6+lenny1_sparc.deb\n Size/MD5 checksum: 1021176 0736c346230146549d5871a4572bec13\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2009-02-28T11:44:55", "published": "2009-02-28T11:44:55", "id": "DEBIAN:DSA-1719-2:D3BA5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00038.html", "title": "[SECURITY] [DSA 1719-2] New GNUTLS packages fix regression", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "redhat": [{"lastseen": "2018-12-11T17:45:31", "bulletinFamily": "unix", "description": "The GnuTLS library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). \n\nMartin von Gagern discovered a flaw in the way GnuTLS verified certificate\nchains provided by a server. A malicious server could use this flaw to\nspoof its identity by tricking client applications using the GnuTLS library\nto trust invalid certificates. 
(CVE-2008-4989)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain a backported patch that corrects this issue.\n", "modified": "2017-09-08T12:07:08", "published": "2008-11-11T05:00:00", "id": "RHSA-2008:0982", "href": "https://access.redhat.com/errata/RHSA-2008:0982", "type": "redhat", "title": "(RHSA-2008:0982) Moderate: gnutls security update", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:31", "bulletinFamily": "software", "description": "Invalid trust chain verification procedure.", "modified": "2008-11-14T00:00:00", "published": "2008-11-14T00:00:00", "id": "SECURITYVULNS:VULN:9432", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9432", "title": "GnuTLS certificates spoofing", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:28", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2008:227\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : gnutls\r\n Date : November 12, 2008\r\n Affected: 2008.0, 2008.1, 2009.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Martin von Gagern found a flow in how GnuTLS versions 1.2.4 up until\r\n 2.6.1 verified certificate chains provided by a server. 
A malicious\r\n server could use this flaw to spoof its identity by tricking client\r\n applications that used the GnuTLS library to trust invalid certificates\r\n (CVE-2008-4989).\r\n \r\n The updated packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n 34153ada0d8f5e15ce0c485b11831d7b 2008.0/i586/gnutls-2.0.0-2.2mdv2008.0.i586.rpm\r\n 0b46ebe6d8e44eb4d1053e66f591d069 2008.0/i586/libgnutls13-2.0.0-2.2mdv2008.0.i586.rpm\r\n f2b15aff240f686074760f6def6eb15f 2008.0/i586/libgnutls-devel-2.0.0-2.2mdv2008.0.i586.rpm \r\n 782fcf06fbbef4902a19f6f167468dd3 2008.0/SRPMS/gnutls-2.0.0-2.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 36d7717cbd69b8eaf3d3fb7a1a5460b2 2008.0/x86_64/gnutls-2.0.0-2.2mdv2008.0.x86_64.rpm\r\n 5de9bb9606d7376e1316530a06fcf811 2008.0/x86_64/lib64gnutls13-2.0.0-2.2mdv2008.0.x86_64.rpm\r\n 31ac4eada9cc4728961a63cd4c0b9f1b 2008.0/x86_64/lib64gnutls-devel-2.0.0-2.2mdv2008.0.x86_64.rpm \r\n 782fcf06fbbef4902a19f6f167468dd3 2008.0/SRPMS/gnutls-2.0.0-2.2mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.1:\r\n a994e8b75456e7072140ce99b3db34b3 2008.1/i586/gnutls-2.3.0-2.2mdv2008.1.i586.rpm\r\n 4a75a7074c2c3ce5ed7e227c1fb649bc 2008.1/i586/libgnutls26-2.3.0-2.2mdv2008.1.i586.rpm\r\n 663eb73655292445f569db0eaded64c4 2008.1/i586/libgnutls-devel-2.3.0-2.2mdv2008.1.i586.rpm \r\n 98cdc535fca1c579c615a78acf664b93 2008.1/SRPMS/gnutls-2.3.0-2.2mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2008.1/X86_64:\r\n 34218ff0d8daa441c641324911e28e04 2008.1/x86_64/gnutls-2.3.0-2.2mdv2008.1.x86_64.rpm\r\n 49ffee1bd312e6f96937e083ad62e43e 2008.1/x86_64/lib64gnutls26-2.3.0-2.2mdv2008.1.x86_64.rpm\r\n fb3fc4547c83eb9c0d888af75e277c99 
2008.1/x86_64/lib64gnutls-devel-2.3.0-2.2mdv2008.1.x86_64.rpm \r\n 98cdc535fca1c579c615a78acf664b93 2008.1/SRPMS/gnutls-2.3.0-2.2mdv2008.1.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n d2c4bbbef7fcc9dae472469d0464ae34 2009.0/i586/gnutls-2.4.1-1.1mdv2009.0.i586.rpm\r\n 648df3147464016c51f5b912c705ba34 2009.0/i586/libgnutls26-2.4.1-1.1mdv2009.0.i586.rpm\r\n 213046d8f2a3979da2a2bf9477b8de66 2009.0/i586/libgnutls-devel-2.4.1-1.1mdv2009.0.i586.rpm \r\n 11f9b81ba4f9572c5f98d8ef95dc0448 2009.0/SRPMS/gnutls-2.4.1-1.1mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n eba230e9e703fec6d24218bbb343213f 2009.0/x86_64/gnutls-2.4.1-1.1mdv2009.0.x86_64.rpm\r\n 97e3ade4d719d783338f96032cff40f5 2009.0/x86_64/lib64gnutls26-2.4.1-1.1mdv2009.0.x86_64.rpm\r\n f2cb5fa913970ede87d7ede80afe91e0 2009.0/x86_64/lib64gnutls-devel-2.4.1-1.1mdv2009.0.x86_64.rpm \r\n 11f9b81ba4f9572c5f98d8ef95dc0448 2009.0/SRPMS/gnutls-2.4.1-1.1mdv2009.0.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFJG2WdmqjQ0CJFipgRAlcYAJ0d/RzfKhu55fYf46oaCyRhgp8wnACfdwka\r\nPM1D51X/eji/nCMzlZ2qk0c=\r\n=Arsu\r\n-----END PGP SIGNATURE-----", "modified": "2008-11-14T00:00:00", "published": "2008-11-14T00:00:00", "id": "SECURITYVULNS:DOC:20862", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20862", "title": "[ MDVSA-2008:227 ] gnutls", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "description": "===========================================================\r\nUbuntu Security Notice USN-809-1 August 19, 2009\r\ngnutls12, gnutls13, gnutls26 vulnerabilities\r\nCVE-2009-2409, CVE-2009-2730, https://launchpad.net/bugs/305264\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libgnutls12 1.2.9-2ubuntu1.7\r\n\r\nUbuntu 8.04 LTS:\r\n libgnutls13 2.0.4-1ubuntu2.6\r\n\r\nUbuntu 8.10:\r\n libgnutls26 2.4.1-1ubuntu0.4\r\n\r\nUbuntu 9.04:\r\n 
libgnutls26 2.4.2-6ubuntu0.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nMoxie Marlinspike and Dan Kaminsky independently discovered that GnuTLS did\r\nnot properly handle certificates with NULL characters in the certificate\r\nname. An attacker could exploit this to perform a man in the middle attack\r\nto view sensitive information or alter encrypted communications.\r\n(CVE-2009-2730)\r\n\r\nDan Kaminsky discovered GnuTLS would still accept certificates with MD2\r\nhash signatures. As a result, an attacker could potentially create a\r\nmalicious trusted certificate to impersonate another site. This issue only\r\naffected Ubuntu 6.06 LTS and Ubuntu 8.10. (CVE-2009-2409)\r\n\r\nUSN-678-1 fixed a vulnerability and USN-678-2 a regression in GnuTLS. The\r\n upstream patches introduced a regression when validating certain certificate\r\n chains that would report valid certificates as untrusted. This update\r\n fixes the problem, and only affected Ubuntu 6.06 LTS and Ubuntu 8.10 (Ubuntu\r\n 8.04 LTS and 9.04 were fixed at an earlier date). In an effort to maintain a\r\n strong security stance and address all known regressions, this update\r\n deprecates X.509 validation chains using MD2 and MD5 signatures. To accommodate\r\n sites which must still use a deprecated RSA-MD5 certificate, GnuTLS has been\r\n updated to stop looking when it has found a trusted intermediary certificate.\r\n This new handling of intermediary certificates is in accordance with other SSL\r\n implementations.\r\n\r\nOriginal advisory details:\r\n\r\n Martin von Gagern discovered that GnuTLS did not properly verify\r\n certificate chains when the last certificate in the chain was self-signed.\r\n If a remote attacker were able to perform a man-in-the-middle attack, this\r\n flaw could be exploited to view sensitive information. 
(CVE-2008-4989)\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.7.diff.gz\r\n Size/MD5: 554667 4768cc0dd3cb878c8aa7afee2959ff29\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9-2ubuntu1.7.dsc\r\n Size/MD5: 826 1ab9a0c1cd3523315282efcb7293dd75\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/gnutls12_1.2.9.orig.tar.gz\r\n Size/MD5: 3305475 4e1a2e9c22c7d6459d5eb5e6484a19c4\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.7_amd64.deb\r\n Size/MD5: 492490 417aa26bf006f9c6e73d4853e1f185c4\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.7_amd64.deb\r\n Size/MD5: 421410 902f41030e3b1108215df708f682a1da\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.7_amd64.deb\r\n Size/MD5: 289176 b73384d64a3bee761fa1b38367b6999c\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.7_amd64.deb\r\n Size/MD5: 644188 fd9c6da745ad172c2f1e0edcfb320769\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.7_i386.deb\r\n Size/MD5: 446378 b0b93cf0f032fca74fcece6cf7731429\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.7_i386.deb\r\n Size/MD5: 374228 468b5b516d97d226c6df96131eb33485\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.7_i386.deb\r\n Size/MD5: 272962 1ce7bac47ed06578daeb459d45b18767\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.7_i386.deb\r\n Size/MD5: 579552 94d654d3848c5acbe4a7afbe3d2681ca\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n 
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.7_powerpc.deb\r\n Size/MD5: 485514 806fc0074fb1ec88484989f3dce6da08\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.7_powerpc.deb\r\n Size/MD5: 392194 38ee631771c49b3f1ab47e0faa969222\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.7_powerpc.deb\r\n Size/MD5: 289456 1c26b2f0e208115b908a5ae7cc5abd71\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.7_powerpc.deb\r\n Size/MD5: 636918 667523ee75e49f717e4ecb08b3b99754\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls-dev_1.2.9-2ubuntu1.7_sparc.deb\r\n Size/MD5: 481994 a600a9e9e8468ad44665eb9bf9a4c473\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls12/libgnutls12_1.2.9-2ubuntu1.7_sparc.deb\r\n Size/MD5: 377550 9b35ece6edfe90f6191e18bb8ceb6d5e\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/gnutls-bin_1.2.9-2ubuntu1.7_sparc.deb\r\n Size/MD5: 274108 8b3e86059633097417f55395324b3355\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls12/libgnutls12-dbg_1.2.9-2ubuntu1.7_sparc.deb\r\n Size/MD5: 571492 58af8870aecef6783534609ad95accb7\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_2.0.4-1ubuntu2.6.diff.gz\r\n Size/MD5: 31707 8e5c4a03d06ddb6a6dad9a32737814dc\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_2.0.4-1ubuntu2.6.dsc\r\n Size/MD5: 1082 b4668c2bc960652bc89988a8f7125c6a\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls13_2.0.4.orig.tar.gz\r\n Size/MD5: 5906571 bd783a052b892620534ecfbc4a9bfede\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/gnutls-doc_2.0.4-1ubuntu2.6_all.deb\r\n Size/MD5: 2507274 
1643f1c93d8b8cc5310116d853e7a556\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.6_amd64.deb\r\n Size/MD5: 385124 531093a01e45186a704baa11dd93cf15\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.6_amd64.deb\r\n Size/MD5: 743652 e49fcdbd9e7f265ee4a332778f8731f3\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.6_amd64.deb\r\n Size/MD5: 344854 437916aa40d9b706f931721c4c88f731\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.6_amd64.deb\r\n Size/MD5: 30768 a23f85e68c3628243e4f2c7d31c2512a\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.6_amd64.deb\r\n Size/MD5: 140238 56a84d95d58846c1624409975d279fbe\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.6_i386.deb\r\n Size/MD5: 345776 03ae7bead3c9c14d4dc47ce24b03319c\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.6_i386.deb\r\n Size/MD5: 709966 5275636dc5156d7647e6b6c9f04828d1\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.6_i386.deb\r\n Size/MD5: 307838 63028af698a596108220d25df7841539\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.6_i386.deb\r\n Size/MD5: 31384 d7d636a89925e412a7d6ac6edcd87855\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.6_i386.deb\r\n Size/MD5: 126498 f7f0dd38a5a4d42804ab3aa7c59b5a70\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.6_lpia.deb\r\n Size/MD5: 336692 bbdd4e1670b604bbb2d34d8960c0d2f8\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.6_lpia.deb\r\n Size/MD5: 
724500 836998e3eb360bcbd38361aa4004f567\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.6_lpia.deb\r\n Size/MD5: 302048 e8a52c895868ef6cc45726ff43bc23bc\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.6_lpia.deb\r\n Size/MD5: 30792 c4638255fd9c5b2c50c6fad1c7ff7afc\r\n http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.6_lpia.deb\r\n Size/MD5: 127136 044da500eb2d345d7b338728602e7ef8\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 383998 3447424db1ce9f028fcec9cbfb463908\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 736142 7b9aca4c7f4737e335eff74bf12bb554\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 325900 50bc890b18ccbe235501218c82dd8457\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 31028 69d1559574debb89411184a64fa1b8aa\r\n http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 159464 d122c1d6d5d9ca2b6ab551e7aa273448\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls-dev_2.0.4-1ubuntu2.6_sparc.deb\r\n Size/MD5: 371056 b06b1a25e7642ec78454e2e7ac57133c\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13-dbg_2.0.4-1ubuntu2.6_sparc.deb\r\n Size/MD5: 659954 367c32c1fd12beb9846b6b8c88262ddb\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutls13_2.0.4-1ubuntu2.6_sparc.deb\r\n Size/MD5: 295620 c3a7bfa06cc0c2a86e40befb62588018\r\n http://ports.ubuntu.com/pool/main/g/gnutls13/libgnutlsxx13_2.0.4-1ubuntu2.6_sparc.deb\r\n Size/MD5: 29454 a8d29e11ef888434ed363601a780d0a6\r\n http://ports.ubuntu.com/pool/universe/g/gnutls13/gnutls-bin_2.0.4-1ubuntu2.6_sparc.deb\r\n Size/MD5: 129498 
231565b3154e43e6b6b1bae53e05bbb4\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls26_2.4.1-1ubuntu0.4.diff.gz\r\n Size/MD5: 19423 b012c9270dbf34ba73cc5261768ea1f4\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls26_2.4.1-1ubuntu0.4.dsc\r\n Size/MD5: 1665 fc013ee464ee8805adc97eab9a8e9a55\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls26_2.4.1.orig.tar.gz\r\n Size/MD5: 6059231 1eeaf1539ab42cf677df9035ab4b8db5\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls-doc_2.4.1-1ubuntu0.4_all.deb\r\n Size/MD5: 2688708 7902dfa81c389717139bdbe46beae2a9\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls-dev_2.4.1-1ubuntu0.4_amd64.deb\r\n Size/MD5: 450006 4744a1edddd93513ec3a6cd2da7f5ea9\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26-dbg_2.4.1-1ubuntu0.4_amd64.deb\r\n Size/MD5: 1041708 7ca945c027d15eaceb5814475232d81f\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26_2.4.1-1ubuntu0.4_amd64.deb\r\n Size/MD5: 412446 87249f9a4b27273ffc7a342ad671ab9f\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/gnutls-bin_2.4.1-1ubuntu0.4_amd64.deb\r\n Size/MD5: 144698 4a0b38d61db72a4800736817c8427b9b\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/guile-gnutls_2.4.1-1ubuntu0.4_amd64.deb\r\n Size/MD5: 77296 70a3233015572f954ff1cf0d50be9e36\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls-dev_2.4.1-1ubuntu0.4_i386.deb\r\n Size/MD5: 402408 eb4b0da30605dd69ba4ddf2639f04302\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26-dbg_2.4.1-1ubuntu0.4_i386.deb\r\n Size/MD5: 998786 80dd0d5f8ca38c7d0d4d698bdafa11ca\r\n 
http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26_2.4.1-1ubuntu0.4_i386.deb\r\n Size/MD5: 369068 a160d26b5c3c32b8fb2701cab094e6e0\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/gnutls-bin_2.4.1-1ubuntu0.4_i386.deb\r\n Size/MD5: 130614 76f366c871f1a3c4721117b93f2b2bf4\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/guile-gnutls_2.4.1-1ubuntu0.4_i386.deb\r\n Size/MD5: 71520 c69f3bbb3bd7eb3930b1535dad56f0b2\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-dev_2.4.1-1ubuntu0.4_lpia.deb\r\n Size/MD5: 391488 04e2d3028ae086398988a4d99d9a53a5\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-dbg_2.4.1-1ubuntu0.4_lpia.deb\r\n Size/MD5: 874982 b46bc24485abbdda0a3661e7400f13dd\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_2.4.1-1ubuntu0.4_lpia.deb\r\n Size/MD5: 361614 31d656e9e029a50e97643e973efdb30f\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-bin_2.4.1-1ubuntu0.4_lpia.deb\r\n Size/MD5: 130282 3276c61532f604e85a8a07336f3b689b\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-dev_2.4.1-1ubuntu0.4_powerpc.deb\r\n Size/MD5: 440816 a2d45c80fd8f52b064088201f7dbd790\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-dbg_2.4.1-1ubuntu0.4_powerpc.deb\r\n Size/MD5: 1042268 da18f50823e716773497ba0329ffb565\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_2.4.1-1ubuntu0.4_powerpc.deb\r\n Size/MD5: 389332 eac27e6c9d20b7439e1b287a343668d9\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-bin_2.4.1-1ubuntu0.4_powerpc.deb\r\n Size/MD5: 160064 975dd7b0bbe1ecea08b58105b5b8ff5f\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gnutls_2.4.1-1ubuntu0.4_powerpc.deb\r\n Size/MD5: 77538 a84c6537a4f01334967ff195b42f7078\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n 
http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-dev_2.4.1-1ubuntu0.4_sparc.deb\r\n Size/MD5: 420528 811c15108877b91f24e23074c8fbd028\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-dbg_2.4.1-1ubuntu0.4_sparc.deb\r\n Size/MD5: 931060 70539c8fc2174101ee9698df3de28ea9\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_2.4.1-1ubuntu0.4_sparc.deb\r\n Size/MD5: 349258 042586c9605cfc90c179794e484bb660\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-bin_2.4.1-1ubuntu0.4_sparc.deb\r\n Size/MD5: 133212 a4ef9ce1a186fdca1db186f2e94ad0cc\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gnutls_2.4.1-1ubuntu0.4_sparc.deb\r\n Size/MD5: 69070 22ea6192f3421344a83b33741b28f70c\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls26_2.4.2-6ubuntu0.1.diff.gz\r\n Size/MD5: 22213 16cd7a18ec444ee4b1cb2c4fa181c290\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls26_2.4.2-6ubuntu0.1.dsc\r\n Size/MD5: 1704 45287164966155b7e31d7ffb581369ee\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls26_2.4.2.orig.tar.gz\r\n Size/MD5: 5984345 8fea7c57f4badcafcd31eb0f981f169a\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/gnutls-doc_2.4.2-6ubuntu0.1_all.deb\r\n Size/MD5: 2690312 79c303c3b30595e4a6e5063587b37e18\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls-dev_2.4.2-6ubuntu0.1_amd64.deb\r\n Size/MD5: 450002 97ff5851fb28fad89565f85b725a7682\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26-dbg_2.4.2-6ubuntu0.1_amd64.deb\r\n Size/MD5: 1042084 f3b66e3daaf57286d4cd1a67c3f9e074\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26_2.4.2-6ubuntu0.1_amd64.deb\r\n Size/MD5: 412806 00b0e0f4c20fff1112c612bfb6ed9042\r\n 
http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/gnutls-bin_2.4.2-6ubuntu0.1_amd64.deb\r\n Size/MD5: 145008 beb700fcd80e16b2a3d1ddc05b6ef29f\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/guile-gnutls_2.4.2-6ubuntu0.1_amd64.deb\r\n Size/MD5: 77278 4eead535839d3181256121af0f2ad181\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls-dev_2.4.2-6ubuntu0.1_i386.deb\r\n Size/MD5: 402404 e7e036b8e128d4de72ecbe513ee2c7bd\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26-dbg_2.4.2-6ubuntu0.1_i386.deb\r\n Size/MD5: 998704 496a2c01c4244e173a16b1e7526dde59\r\n http://security.ubuntu.com/ubuntu/pool/main/g/gnutls26/libgnutls26_2.4.2-6ubuntu0.1_i386.deb\r\n Size/MD5: 369616 075888a30a325c12c203912995c40823\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/gnutls-bin_2.4.2-6ubuntu0.1_i386.deb\r\n Size/MD5: 130922 d728c7ecc14d322b61153fe164846bda\r\n http://security.ubuntu.com/ubuntu/pool/universe/g/gnutls26/guile-gnutls_2.4.2-6ubuntu0.1_i386.deb\r\n Size/MD5: 71524 b12716d1a500f793e9c1f8fbc483992e\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-dev_2.4.2-6ubuntu0.1_lpia.deb\r\n Size/MD5: 391528 0528cdadeefbba75edcce6e63e6e9d93\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-dbg_2.4.2-6ubuntu0.1_lpia.deb\r\n Size/MD5: 875300 8be5e16398da6e8cbac24227c581c124\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_2.4.2-6ubuntu0.1_lpia.deb\r\n Size/MD5: 362212 d1e26131c085f9e212cf4c737ffbc442\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-bin_2.4.2-6ubuntu0.1_lpia.deb\r\n Size/MD5: 130574 716af2377fa3034b5dcfacf9ef751ab4\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-dev_2.4.2-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 440808 4186982218e239885c9003e7347c2f73\r\n 
http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-dbg_2.4.2-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 1042024 3162117293da663c134beb69c782ca76\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_2.4.2-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 389866 0ced018684aeb1548b2d3633854fb192\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-bin_2.4.2-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 160370 d19443b455a4a269fc486cc3ed06f613\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gnutls_2.4.2-6ubuntu0.1_powerpc.deb\r\n Size/MD5: 77538 c7cdad60919fdddcd667149c522eb6bb\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls-dev_2.4.2-6ubuntu0.1_sparc.deb\r\n Size/MD5: 420484 9b993e4bf1f08a752e8ccab73f647519\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26-dbg_2.4.2-6ubuntu0.1_sparc.deb\r\n Size/MD5: 930542 d1a196c6f79f4c3ce3cd5c34c91e7a23\r\n http://ports.ubuntu.com/pool/main/g/gnutls26/libgnutls26_2.4.2-6ubuntu0.1_sparc.deb\r\n Size/MD5: 349644 a2281af4ca4803d61d111bbc3615d8e5\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/gnutls-bin_2.4.2-6ubuntu0.1_sparc.deb\r\n Size/MD5: 133354 6fd94b8f2b05ab7a64f35a890279698a\r\n http://ports.ubuntu.com/pool/universe/g/gnutls26/guile-gnutls_2.4.2-6ubuntu0.1_sparc.deb\r\n Size/MD5: 68998 bf826c0ea31d1f9a1ca930e0853b9cd1\r\n\r\n", "modified": "2009-08-20T00:00:00", "published": "2009-08-20T00:00:00", "id": "SECURITYVULNS:DOC:22354", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22354", "title": "[USN-809-1] GnuTLS vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "seebug": [{"lastseen": "2017-11-19T21:21:09", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 32232\r\nCVE(CAN) ID: CVE-2008-4989\r\n\r\nGnuTLS\u662f\u7528\u4e8e\u5b9e\u73b0TLS\u52a0\u5bc6\u534f\u8bae\u7684\u51fd\u6570\u5e93\u3002\r\n\r\nGNU 
TLS\u5e93\u7684X.509\u8bc1\u4e66\u94fe\u9a8c\u8bc1\u4e2d\u5b58\u5728\u9519\u8bef\uff0c\u5141\u8bb8\u4e2d\u95f4\u4eba\u7528\u6237\u4f7f\u7528\u4efb\u610f\u540d\u79f0\u5e76\u8bf1\u9a97GNU TLS\u5ba2\u6237\u7aef\u4fe1\u4efb\u8be5\u540d\u79f0\u3002\r\n\r\n\u6f0f\u6d1e\u5177\u4f53\u5b58\u5728\u4e8ex509/verify.c\u6587\u4ef6\u7684_gnutls_x509_verify_certificate\u51fd\u6570\u4e2d\uff1a\r\n\r\n1. \u7528\u53ef\u4fe1\u4efb\u8bc1\u4e66\u5217\u8868\u9a8c\u8bc1\u8bc1\u4e66\u5217\u8868\u7684\u6700\u540e\u4e00\u4e2a\u5355\u5143\u3002\r\n2. \u5982\u679c\u662f\u81ea\u7b7e\u540d\u7684\u8bdd\uff0c\u4ece\u5217\u8868\u4e2d\u5220\u9664\u6700\u540e\u4e00\u4e2a\u5355\u5143\u3002\r\n3. \u68c0\u67e5\u8bc1\u4e66\u94fe\u786e\u4fdd\u6bcf\u4e2a\u8bc1\u4e66\u90fd\u7531\u540e\u4e00\u4e2a\u7b7e\u540d\uff0c\u9664\u4e86\u6700\u540e\u4e00\u4e2a\u5355\u5143\u3002\r\n\r\n\u5982\u679c\u5411\u5217\u8868\u4e2d\u6dfb\u52a0\u4efb\u610f\u7684\u81ea\u7b7e\u540d\u53ef\u4fe1\u4efb\u8bc1\u4e66\uff0c\u5c31\u4e0d\u4f1a\u68c0\u67e5\u53ef\u4fe1\u4efb\u8bc1\u4e66\u5217\u8868\u4fbf\u4fe1\u4efb\u5012\u6570\u7b2c\u4e8c\u4e2a\u5355\u5143\u3002\n0\nGNU GnuTLS < 2.6.1\nGNU\r\n---\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.1.tar.bz2 target=_blank>http://ftp.gnu.org/pub/gnu/gnutls/gnutls-2.6.1.tar.bz2</a>", "modified": "2008-11-12T00:00:00", "published": "2008-11-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-4429", "id": "SSV:4429", "title": "GnuTLS X.509\u8bc1\u4e66\u94fe\u9a8c\u8bc1\u6f0f\u6d1e", "type": "seebug", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "centos": [{"lastseen": "2017-10-03T18:24:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0982\n\n\nThe GnuTLS 
library provides support for cryptographic algorithms and for\nprotocols such as Transport Layer Security (TLS). \n\nMartin von Gagern discovered a flaw in the way GnuTLS verified certificate\nchains provided by a server. A malicious server could use this flaw to\nspoof its identity by tricking client applications using the GnuTLS library\nto trust invalid certificates. (CVE-2008-4989)\n\nUsers of GnuTLS are advised to upgrade to these updated packages, which\ncontain a backported patch that corrects this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015391.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-November/015392.html\n\n**Affected packages:**\ngnutls\ngnutls-devel\ngnutls-utils\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0982.html", "modified": "2008-11-11T21:05:19", "published": "2008-11-11T21:05:18", "href": "http://lists.centos.org/pipermail/centos-announce/2008-November/015392.html", "id": "CESA-2008:0982", "title": "gnutls security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:27", "bulletinFamily": "unix", "description": "### Background\n\nGnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0. \n\n### Description\n\nMartin von Gagern reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate. \n\n### Impact\n\nA remote attacker could exploit this vulnerability and spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll GnuTLS users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/gnutls-2.4.1-r2\"", "modified": "2009-01-14T00:00:00", "published": "2009-01-14T00:00:00", "id": "GLSA-200901-10", "href": "https://security.gentoo.org/glsa/200901-10", "type": "gentoo", "title": "GnuTLS: Certificate validation error", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}