Fedora Core 10 FEDORA-2009-8622 (gnutls) Network Vulnerability

Summary

The remote host is missing an update to gnutls announced via advisory FEDORA-2009-8622.

Solution

Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update gnutls' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8622

Insight

Update Information: This update fixes handling of NUL characters in certificate Common Name or subjectAltName fields especially in regards to comparsion to hostnames. ChangeLog: * Wed Sep 23 2009 Tomas Mraz 2.4.2-5 - fix handling of hostname in openpgp certificates * Fri Aug 14 2009 Tomas Mraz 2.4.2-4 - fix CVE-2009-2730 - handling of NUL chars in certificate CNs and SANs

References

https://bugzilla.redhat.com/show_bug.cgi?id=516231

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4989, CVE-2009-2730
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities