Solution
Please install the updated packages.
Insight
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).
A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730)
Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
Affected
gnutls on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2009-2730
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P