rPSA-2008-0322-1 gnutls



rPath Security Advisory: 2008-0322-1
Published: 2008-11-17
Products:
rPath Linux 2

Rating: Minor
Exposure Level Classification:
Indirect User Deterministic Weakness
Updated Versions:
gnutls=conary.rpath.com@rpl:2/2.2.5-1.1-1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RPL-2886

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989

Description:
Previous versions of the gnutls package contain a certificate-chain
validation error, making it possible for a man-in-the-middle attacker
to assume an arbitrary name and then trick GNU TLS clients into trusting
that name.

http://wiki.rpath.com/Advisories:rPSA-2008-0322

Copyright 2008 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html



Relevant Pages

  • rPSA-2007-0202-1 kernel
    ... Products: rPath Linux 1 ... Exposure Level Classification: ... rPath Issue Tracking System: ...
    (Bugtraq)
  • [Full-disclosure] rPSA-2008-0056-1 mailman
    ... rPath Security Advisory: 2008-0056-1 ... Exposure Level Classification: ... Indirect User Deterministic Weakness ... rPath Issue Tracking System: ...
    (Full-Disclosure)
  • [Full-disclosure] rPSA-2008-0276-1 mercurial mercurial-hgk
    ... rPath Security Advisory: 2008-0276-1 ... Exposure Level Classification: ... rPath Issue Tracking System: ... Note that hgweb is not enabled by default on rPath Linux systems. ...
    (Full-Disclosure)
  • rPSA-2008-0276-1 mercurial mercurial-hgk
    ... rPath Security Advisory: 2008-0276-1 ... Exposure Level Classification: ... rPath Issue Tracking System: ... Note that hgweb is not enabled by default on rPath Linux systems. ...
    (Bugtraq)
  • rPSA-2008-0056-1 mailman
    ... rPath Security Advisory: 2008-0056-1 ... Exposure Level Classification: ... Indirect User Deterministic Weakness ... rPath Issue Tracking System: ...
    (Bugtraq)