GnuTLS regression

ID USN-678-2
Type ubuntu
Reporter Ubuntu
Modified 2008-12-10T00:00:00


USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a
regression when validating certain certificate chains that would report valid
certificates as untrusted. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Martin von Gagern discovered that GnuTLS did not properly verify certificate
chains when the last certificate in the chain was self-signed. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could be
exploited to view sensitive information. (CVE-2008-4989)