gnutls-1.4.1-3.1.1AXS3
エラータID: AXSA:2008-480:02
リリース日:
2008/11/25 Tuesday - 21:25
題名:
gnutls-1.4.1-3.1.1AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- _gnutls_x509_verify_certificate の処理に不備があり、中間者攻撃により無効な証明書を仕掛けられる可能性があります。(CVE-2008-4989)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- gnutls-1.4.1-3.1.1AXS3.i386.rpm
MD5: 90a59f93f183890421dc47ab4703dc37
SHA-256: b847bda2a2c304d22c77e701efebd42702d1fcb9425124eacd47be46da70d9f6
Size: 372.00 kB - gnutls-devel-1.4.1-3.1.1AXS3.i386.rpm
MD5: a72b91643628a25f8731891903a72566
SHA-256: b57f0639e2a837c5d32ccc952f4910247624c5cc5ba9e97f5e823233963f66d2
Size: 933.18 kB
Asianux Server 3 for x86_64
- gnutls-1.4.1-3.1.1AXS3.x86_64.rpm
MD5: 87040fb0602be1f8fe347915d2095cb9
SHA-256: 7d91d69953635d042c62ed0073153359cb6745b3699cf0a7d326104e030e6fb5
Size: 386.46 kB - gnutls-devel-1.4.1-3.1.1AXS3.x86_64.rpm
MD5: fbaf6cdb273f87c777deb0edbf54e522
SHA-256: 1de9e5e56c819758bf784c7577dbaa9367a102c052ccd32d829ac5f4ec49df3c
Size: 954.09 kB