oval:org.mitre.oval:def:12790

Definition Id: oval:org.mitre.oval:def:12790

Oval ID:	oval:org.mitre.oval:def:12790
Title:	DSA-1719-1 gnutls13 -- design flaw
Description:	Martin von Gagern discovered that GNUTLS, an implementation of the TLS/SSL protocol, handles verification of X.509 certificate chains incorrectly if a self-signed certificate is configured as a trusted certificate. This could cause clients to accept forged server certificates as genuine. In addition, this update tightens the checks for X.509v1 certificates which causes GNUTLS to reject certain certificate chains it accepted before. For the stable distribution, this problem has been fixed in version 1.4.4-3+etch3. For the unstable distribution, this problem has been fixed in version 2.4.2-3 of the gnutls26 package. We recommend that you upgrade your gnutls13 packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1719-1 CVE-2008-4989	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	gnutls13
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. Architecture section Architecture independent section Installed architecture is all AND gnutls-doc DPKG is earlier than 1.4.4-3+etch3 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is mips AND Installed architecture is alpha AND Installed architecture is powerpc AND Packages section libgnutls13 DPKG is earlier than 1.4.4-3+etch2 AND libgnutls-dev DPKG is earlier than 1.4.4-3+etch3 AND libgnutls13-dbg DPKG is earlier than 1.4.4-3+etch3 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is ia64 AND Installed architecture is mipsel AND gnutls-bin DPKG is earlier than 1.4.4-3+etch2 OR Supported platform section Installed architecture is hppa AND Packages section libgnutls-dev DPKG is earlier than 1.4.4-3+etch3 AND gnutls-bin DPKG is earlier than 1.4.4-3+etch3 AND libgnutls13 DPKG is earlier than 1.4.4-3+etch3 AND libgnutls13-dbg DPKG is earlier than 1.4.4-3+etch2

Definition Id: oval:org.mitre.oval:def:6461

Oval ID:	oval:org.mitre.oval:def:6461
Title:	Debian GNU/Linux 4.0 is installed.
Description:	Debian GNU/Linux 4.0 (etch) is installed
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:debian:debian_gnu/linux:4.0	Version:	9
Platform(s):	Debian GNU/Linux 4.0	Product(s):
Definition Synopsis:
Debian GNU/Linux 4.0 is installed
Referenced By:
oval:org.mitre.oval:def:12790

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0339s

Facebook rss twitter linkedin mail