Oval Definition:oval:com.redhat.rhsa:def:20091232
Revision Date:2009-08-26Version:635
Title:RHSA-2009:1232: gnutls security update (Moderate)
Description:The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).

  • A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730)

    Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2009-2730
    RHSA-2009:1232
    RHSA-2009:1232-01
    RHSA-2009:1232-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • gnutls is earlier than 0:1.0.20-4.el4_8.3
  • AND gnutls is signed with Red Hat redhatrelease2 key
  • gnutls-devel is earlier than 0:1.0.20-4.el4_8.3
  • AND gnutls-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • gnutls is earlier than 0:1.4.1-3.el5_3.5
  • AND gnutls is signed with Red Hat redhatrelease2 key
  • gnutls-devel is earlier than 0:1.4.1-3.el5_3.5
  • AND gnutls-devel is signed with Red Hat redhatrelease2 key
  • gnutls-utils is earlier than 0:1.4.1-3.el5_3.5
  • AND gnutls-utils is signed with Red Hat redhatrelease2 key
    • BACK