RHSA-2009:1232-01 -- Redhat gnutlsID: oval:org.secpod.oval:def:500637 | Date: (C)2012-01-31 (M)2023-11-09 |
Class: PATCH | Family: unix |
The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
Platform: |
Red Hat Enterprise Linux 5 |
Red Hat Enterprise Linux 4 |