Ubuntu Update For Gnutls12, Gnutls13, Gnutls26 Regression USN-678-2 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-678-2

Solution

Please Install the Updated Packages.

Insight

USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)

Affected

gnutls12, gnutls13, gnutls26 regression on Ubuntu 6.06 LTS , Ubuntu 7.10 , Ubuntu 8.04 LTS , Ubuntu 8.10

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-December/000801.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4989

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Ubuntu Update for gnutls12, gnutls13, gnutls26 regression USN-678-2

Take action and discover your vulnerabilities