gnutls-1.4.1-3.1.1AXS3

エラータID: AXSA:2008-480:02

Release date: 
Tuesday, November 25, 2008 - 21:25
Subject: 
gnutls-1.4.1-3.1.1AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
Moderate
Description: 

Description :
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS (Transport Layer Security) working
group.
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls
in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate
is an arbitrary trusted, self-signed certificate, which allows
man-in-the-middle attackers to insert a spoofed certificate for any
Distinguished Name (DN).

Solution: 

Update Packages

CVEs: 
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).


Additional Info: 

N/A

Download: 

Asianux Server 3 for x86
  1. gnutls-1.4.1-3.1.1AXS3.i386.rpm
    MD5: 90a59f93f183890421dc47ab4703dc37
    SHA-256: b847bda2a2c304d22c77e701efebd42702d1fcb9425124eacd47be46da70d9f6
    Size: 372.00 kB
  2. gnutls-devel-1.4.1-3.1.1AXS3.i386.rpm
    MD5: a72b91643628a25f8731891903a72566
    SHA-256: b57f0639e2a837c5d32ccc952f4910247624c5cc5ba9e97f5e823233963f66d2
    Size: 933.18 kB

Asianux Server 3 for x86_64
  1. gnutls-1.4.1-3.1.1AXS3.x86_64.rpm
    MD5: 87040fb0602be1f8fe347915d2095cb9
    SHA-256: 7d91d69953635d042c62ed0073153359cb6745b3699cf0a7d326104e030e6fb5
    Size: 386.46 kB
  2. gnutls-devel-1.4.1-3.1.1AXS3.x86_64.rpm
    MD5: fbaf6cdb273f87c777deb0edbf54e522
    SHA-256: 1de9e5e56c819758bf784c7577dbaa9367a102c052ccd32d829ac5f4ec49df3c
    Size: 954.09 kB