AXSA:2008-493:03

リリース日: 
2008/12/01 Monday - 11:53
題名: 
gnutls-1.4.1-3.1.1AXS3
影響のあるチャネル: 
Asianux Server 3 for ppc
Asianux Server 3 for ia64
Severity: 
Moderate
Description: 

Description :
GnuTLS is a project that aims to develop a library which provides a secure
layer, over a reliable transport layer. Currently the GnuTLS library implements
the proposed standards by the IETF's TLS (Transport Layer Security) working
group.
CVE-2008-4989
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls
in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate
is an arbitrary trusted, self-signed certificate, which allows
man-in-the-middle attackers to insert a spoofed certificate for any
Distinguished Name (DN).

解決策: 

Update packages

追加情報: 

From Asianux Server 3 SP1 updated packages.

ダウンロード: 
File not found: /var/www/html/asianux/sites/tsn.asianux.com/files/private/buginfo//5491_gnutls.txt
File not found: /var/www/html/asianux/sites/tsn.asianux.com/files/private/buginfo//5491_gnutls-devel.txt
File not found: /var/www/html/asianux/sites/tsn.asianux.com/files/private/buginfo//5491_gnutls.txt
File not found: /var/www/html/asianux/sites/tsn.asianux.com/files/private/buginfo//5491_gnutls.txt
File not found: /var/www/html/asianux/sites/tsn.asianux.com/files/private/buginfo//5491_gnutls-devel.txt
File not found: /var/www/html/asianux/sites/tsn.asianux.com/files/private/buginfo//5491_gnutls-devel.txt
Copyright© 2007-2015 Asianux. All rights reserved.