Summary
Ubuntu Update for Linux kernel vulnerabilities USN-678-2
Solution
Please Install the Updated Packages.
Insight
USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)
Affected
gnutls12, gnutls13, gnutls26 regression on Ubuntu 6.06 LTS , Ubuntu 7.10 ,
Ubuntu 8.04 LTS ,
Ubuntu 8.10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-4989 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities