Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-678-2
HistoryDec 10, 2008 - 12:00 a.m.

GnuTLS regression

2008-12-1000:00:00
ubuntu.com
32

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON

Releases

  • Ubuntu 8.10
  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 6.06

Packages

  • gnutls12 -
  • gnutls13 -
  • gnutls26 -

Details

USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a
regression when validating certain certificate chains that would report valid
certificates as untrusted. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Martin von Gagern discovered that GnuTLS did not properly verify certificate
chains when the last certificate in the chain was self-signed. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could be
exploited to view sensitive information. (CVE-2008-4989)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchlibgnutls26<Β 2.4.1-1ubuntu0.2UNKNOWN
Ubuntu8.10noarchgnutls-bin<Β 2.4.1-1ubuntu0.2UNKNOWN
Ubuntu8.10noarchguile-gnutls<Β 2.4.1-1ubuntu0.2UNKNOWN
Ubuntu8.10noarchlibgnutls-dev<Β 2.4.1-1ubuntu0.2UNKNOWN
Ubuntu8.10noarchlibgnutls26<Β dbg-2.4.1-1ubuntu0.2UNKNOWN
Ubuntu8.04noarchlibgnutls13<Β 2.0.4-1ubuntu2.3UNKNOWN
Ubuntu8.04noarchgnutls-bin<Β 2.0.4-1ubuntu2.3UNKNOWN
Ubuntu8.04noarchlibgnutls-dev<Β 2.0.4-1ubuntu2.3UNKNOWN
Ubuntu8.04noarchlibgnutls13-dbg<Β 2.0.4-1ubuntu2.3UNKNOWN
Ubuntu8.04noarchlibgnutlsxx13<Β 2.0.4-1ubuntu2.3UNKNOWN
Rows per page:
1-10 of 191

Related

openvas 43
nessus 34
securityvulns 3
seebug 1
prion 1
cve 1
freebsd 1
altlinux 2
osv 1
fedora 4
gentoo 1
slackware 1
debian 2
oraclelinux 1
ubuntu 2
redhat 1
ubuntucve 1
centos 1
openvas
openvas
Fedora Update for gnutls FEDORA-2008-10000
2009-02-16 00:00:00
SLES10: Security update for GnuTLS
2009-10-13 00:00:00
RedHat Update for gnutls RHSA-2008:0982-01
2009-03-06 00:00:00
nessus
nessus
openSUSE Security Update : gnutls (gnutls-605)
2009-07-21 00:00:00
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : gnutls12, gnutls13, gnutls26 regression (USN-678-2)
2009-04-23 00:00:00
Fedora 10 : gnutls-2.4.2-3.fc10 (2008-10162)
2012-09-24 00:00:00
securityvulns
securityvulns
GnuTLS certificates spoofing
2008-11-14 00:00:00
[ MDVSA-2008:227 ] gnutls
2008-11-14 00:00:00
[USN-809-1] GnuTLS vulnerabilities
2009-08-20 00:00:00
seebug
seebug
GnuTLS X.509证书链ιͺŒθ―ζΌζ΄ž
2008-11-12 00:00:00
prion
prion
Code injection
2008-11-13 01:00:00
cve
cve
CVE-2008-4989
2008-11-13 01:00:00
freebsd
freebsd
gnutls -- X.509 certificate chain validation vulnerability
2008-11-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package gnutls30 version 2.6.3-alt1
2008-12-21 00:00:00
Security fix for the ALT Linux 9 package gnutls30 version 2.6.3-alt1
2008-12-21 00:00:00
osv
osv
gnutls13 - certificate validation
2009-02-10 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: gnutls-1.6.3-5.fc8
2008-11-12 03:00:29
[SECURITY] Fedora 10 Update: gnutls-2.4.2-3.fc10
2008-11-22 16:51:32
[SECURITY] Fedora 9 Update: gnutls-2.0.4-4.fc9
2008-11-12 02:52:29
gentoo
gentoo
GnuTLS: Certificate validation error
2009-01-14 00:00:00
slackware
slackware
[slackware-security] gnutls
2008-11-11 03:18:27
debian
debian
[SECURITY] [DSA 1719-1] New gnutls13 packages fix certificate validation
2009-02-10 07:00:19
[SECURITY] [DSA 1719-2] New GNUTLS packages fix regression
2009-02-28 11:44:38
oraclelinux
oraclelinux
gnutls security update
2008-11-11 00:00:00
ubuntu
ubuntu
GnuTLS vulnerability
2008-11-26 00:00:00
GnuTLS vulnerabilities
2009-08-19 00:00:00
redhat
redhat
(RHSA-2008:0982) Moderate: gnutls security update
2008-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2008-4989
2008-11-12 00:00:00
centos
centos
gnutls security update
2008-11-11 21:05:18

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.6%

JSON
Related for USN-678-2
openvas43nessus34securityvulns3seebug1prion1cve1freebsd1altlinux2osv1fedora4gentoo1slackware1debian2oraclelinux1ubuntu2redhat1ubuntucve1centos1