CESA-2009:1232 -- centos 4 x86_64 gnutls
ID: oval:org.secpod.oval:def:202774 | Date: (C)2013-05-08 (M)2022-10-10 | Class: PATCH | Family: unix
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.