Gentoo: GLSA 200901-10 Normal: GnuTLS Certificate Spoofing Issue
gentoo
January 14, 2009
A certificate validation error in GnuTLS might allow for spoofing attacks.
Summary
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200901-10 ~ https://security.gentoo.org/
~ Severity: Normal ~ Title: GnuTLS: Certificate validation error ~ Date: January 14, 2009 ~ Bugs: #245850 ~ ID: 200901-10
Synopsis ======= A certificate validation error in GnuTLS might allow for spoofing attacks.
Background ========= GnuTLS is an open-source implementation of TLS 1.0 and SSL 3.0.
Affected packages ================ ~ ------------------------------------------------------------------- ~ Package / Vulnerable / Unaffected ~ ------------------------------------------------------------------- ~ 1 net-libs/gnutls < 2.4.1-r2 >= 2.4.1-r2
========== Martin von Gagern reported that the _gnutls_x509_verify_certificate() function in lib/x509/verify.c trusts certificate chains in which the...Read the Full Advisory
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!