Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2008:0982
HistoryNov 11, 2008 - 12:00 a.m.

(RHSA-2008:0982) Moderate: gnutls security update

2008-11-1100:00:00
access.redhat.com
10

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

69.1%

JSON

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

Martin von Gagern discovered a flaw in the way GnuTLS verified certificate
chains provided by a server. A malicious server could use this flaw to
spoof its identity by tricking client applications using the GnuTLS library
to trust invalid certificates. (CVE-2008-4989)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects this issue.

OSVersionArchitecturePackageVersionFilename
RedHat5ppc64gnutls-devel<Β 1.4.1-3.el5_2.1gnutls-devel-1.4.1-3.el5_2.1.ppc64.rpm
RedHat5ia64gnutls-devel<Β 1.4.1-3.el5_2.1gnutls-devel-1.4.1-3.el5_2.1.ia64.rpm
RedHat5x86_64gnutls-utils<Β 1.4.1-3.el5_2.1gnutls-utils-1.4.1-3.el5_2.1.x86_64.rpm
RedHat5ppc64gnutls<Β 1.4.1-3.el5_2.1gnutls-1.4.1-3.el5_2.1.ppc64.rpm
RedHat5i386gnutls-devel<Β 1.4.1-3.el5_2.1gnutls-devel-1.4.1-3.el5_2.1.i386.rpm
RedHat5ppcgnutls-devel<Β 1.4.1-3.el5_2.1gnutls-devel-1.4.1-3.el5_2.1.ppc.rpm
RedHat5s390xgnutls<Β 1.4.1-3.el5_2.1gnutls-1.4.1-3.el5_2.1.s390x.rpm
RedHat5ppcgnutls<Β 1.4.1-3.el5_2.1gnutls-1.4.1-3.el5_2.1.ppc.rpm
RedHat5x86_64gnutls<Β 1.4.1-3.el5_2.1gnutls-1.4.1-3.el5_2.1.x86_64.rpm
RedHat5i386gnutls-utils<Β 1.4.1-3.el5_2.1gnutls-utils-1.4.1-3.el5_2.1.i386.rpm
Rows per page:
1-10 of 201

Related

openvas 43
nessus 34
securityvulns 3
seebug 1
prion 1
ubuntu 3
cve 1
freebsd 1
altlinux 2
debian 2
oraclelinux 1
osv 1
fedora 4
gentoo 1
slackware 1
ubuntucve 1
centos 1
openvas
openvas
Fedora Update for gnutls FEDORA-2008-10000
2009-02-16 00:00:00
SLES10: Security update for GnuTLS
2009-10-13 00:00:00
RedHat Update for gnutls RHSA-2008:0982-01
2009-03-06 00:00:00
nessus
nessus
openSUSE Security Update : gnutls (gnutls-605)
2009-07-21 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : gnutls12, gnutls13, gnutls26 regression (USN-678-2)
2009-04-23 00:00:00
Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)
2012-09-24 00:00:00
securityvulns
securityvulns
GnuTLS certificates spoofing
2008-11-14 00:00:00
[ MDVSA-2008:227 ] gnutls
2008-11-14 00:00:00
[USN-809-1] GnuTLS vulnerabilities
2009-08-20 00:00:00
seebug
seebug
GnuTLS X.509证书链ιͺŒθ―ζΌζ΄ž
2008-11-12 00:00:00
prion
prion
Code injection
2008-11-13 01:00:00
ubuntu
ubuntu
GnuTLS regression
2008-12-10 00:00:00
GnuTLS vulnerability
2008-11-26 00:00:00
GnuTLS vulnerabilities
2009-08-19 00:00:00
cve
cve
CVE-2008-4989
2008-11-13 01:00:00
freebsd
freebsd
gnutls -- X.509 certificate chain validation vulnerability
2008-11-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package gnutls30 version 2.6.3-alt1
2008-12-21 00:00:00
Security fix for the ALT Linux 10 package gnutls30 version 2.6.3-alt1
2008-12-21 00:00:00
debian
debian
[SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
2009-02-10 07:00:19
[SECURITY] [DSA 1719-2] New GNUTLS packages fix regression
2009-02-28 11:44:38
oraclelinux
oraclelinux
gnutls security update
2008-11-11 00:00:00
osv
osv
gnutls13 - certificate validation
2009-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: gnutls-1.6.3-5.fc8
2008-11-12 03:00:29
[SECURITY] Fedora 10 Update: gnutls-2.4.2-3.fc10
2008-11-22 16:51:32
[SECURITY] Fedora 9 Update: gnutls-2.0.4-4.fc9
2008-11-12 02:52:29
gentoo
gentoo
GnuTLS: Certificate validation error
2009-01-14 00:00:00
slackware
slackware
[slackware-security] gnutls
2008-11-11 03:18:27
ubuntucve
ubuntucve
CVE-2008-4989
2008-11-12 00:00:00
centos
centos
gnutls security update
2008-11-11 21:05:18

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

69.1%

JSON
Related for RHSA-2008:0982
openvas43nessus34securityvulns3seebug1prion1ubuntu3cve1freebsd1altlinux2debian2oraclelinux1osv1fedora4gentoo1slackware1ubuntucve1centos1