FreeBSD Ports: gnutls
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: gnutls
The remote host is missing an update to the system as announced in the referenced advisory. VID 45298931-b3bf-11dd-80f8-001cc0377035 OpenVAS Vulnerability Test Description: Auto generated from VID 45298931-b3bf-11dd-80f8-001cc0377035 Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
Slackware 12.0 / 12.1 / current : gnutls (SSA:2008-320-01)
New gnutls packages are available for Slackware 12.0, 12.1, and -current to correctly fix the certificate chain verification issue that the upgrade to gnutls-2.6.1 attempted to fix. Without this upgrade, processing a certificate chain containing only one self-signed certificate may cause GnuTLS...
FreeBSD : gnutls -- X.509 certificate chain validation vulnerability (45298931-b3bf-11dd-80f8-001cc0377035)
SecurityFocus reports: GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users m...
[slackware-security] gnutls
New gnutls packages are available for Slackware 12.0, 12.1, and -current to correctly fix the certificate chain verification issue that the upgrade to gnutls-2.6.1 attempted to fix. Without this upgrade, processing a certificate chain containing only one self-signed certificate may cause GnuTLS...
[ MDVSA-2008:227 ] gnutls
Mandriva Linux Security Advisory MDVSA-2008:227 http://www.mandriva.com/security/ Package : gnutls Date : November 12, 2008 Affected: 2008.0, 2008.1, 2009.0 Problem Description: Martin von Gagern found a flaw in how GnuTLS versions 1.2.4 up until 2.6....
GnuTLS certificates spoofing
Invalid trust chain verification procedure...
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
CVE-2008-4989
Summary: CVE-2008-4989 affects the GnuTLS library. The vulnerability lies in _gnutls_x509_verify_certificate in libgnutls/lib/x509/verify.c, where the library can trust a chain whose last certificate is an arbitrary self-signed trusted cert. This allows a man-in-the-middle to spoof a certificate ...
[SECURITY] Fedora 8 Update: gnutls-1.6.3-5.fc8
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
[SECURITY] Fedora 9 Update: gnutls-2.0.4-4.fc9
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group...
Fedora 9 : gnutls-2.0.4-4.fc9 (2008-9530)
Tue Nov 11 2008 Tomas Mraz 2.0.4-4 - fix chain verification issue CVE-2008-4989 470079 - Tue May 20 2008 Tomas Mraz 2.0.4-3 - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 447461, 447462, 447463 Note that Tenable Network Security has extracted the preceding description block...
RHEL 5 : gnutls (RHSA-2008:0982)
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as...
Fedora 8 : gnutls-1.6.3-5.fc8 (2008-9600)
Tue Nov 11 2008 Tomas Mraz 1.6.3-5 - fix chain verification issue CVE-2008-4989 470079 - Fri Jun 20 2008 Tomas Mraz 1.6.3-4 - backported fix for compression support 451952 - Tue May 20 2008 Tomas Mraz 1.6.3-3 - fix three security issues in gnutls handshake - GNUTLS-SA-2008-1 447461, 447462,...
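GnuTLS X.509 Certificate Chain Verification Vulnerability
BUGTRAQ ID: 32232 CVE(CAN) ID: CVE-2008-4989 GnuTLS is a library that implements the TLS encryption protocol. An error in the X.509 certificate chain verification of the GNU TLS library allows a man-in-the-middle user to use an arbitrary name and trick a GNU TLS client into trusting that name. The vulnerability lies in the _gnutls_x509_verify_certificate function in x509/verify.c: 1. Verify the last element of the certificate list against the list of trusted certificates. 2. If it is self-signed, remove the last element from the list. 3. Check the certificate chain to ensure that each certificate is signed by the one after it, except for the last element....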
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...
gnutls security update
CentOS Errata and Security Advisory CESA-2008:0982 Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for...
Moderate: Red Hat Security Advisory: gnutls security update
Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The GnuTLS library provides support for cryptographic algorithms and for protocols such as...
gnutls: certificate chain verification flaw
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguishe...