CESA-2008:0982 -- centos 5 x86_64 gnutlsID: oval:org.secpod.oval:def:202673 | Date: (C)2013-04-23 (M)2024-02-15 |
Class: PATCH | Family: unix |
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). Martin von Gagern discovered a flaw in the way GnuTLS verified certificate chains provided by a server. A malicious server could use this flaw to spoof its identity by tricking client applications using the GnuTLS library to trust invalid certificates. (CVE-2008-4989) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.