RedHat Update For Gnutls RHSA-2008:0982-01 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). Martin von Gagern discovered a flaw in the way GnuTLS verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications using the GnuTLS library to trust invalid certificates. (CVE-2008-4989) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.

Affected

gnutls on Red Hat Enterprise Linux (v. 5 server)

References

https://www.redhat.com/archives/rhsa-announce/2008-November/msg00004.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4989

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

RedHat Security Advisory RHSA-2009:1076
RedHat Security Advisory RHSA-2009:1082
RedHat Security Advisory RHSA-2009:0473
RedHat Security Advisory RHSA-2009:1077
RedHat Security Advisory RHSA-2009:0020

RedHat Update for gnutls RHSA-2008:0982-01

Take action and discover your vulnerabilities