oval:org.mitre.oval:def:7938

Definition Id: oval:org.mitre.oval:def:7938
 
Oval ID: oval:org.mitre.oval:def:7938
Title: DSA-1719 gnutls13 -- design flaw
Description: Martin von Gagern discovered that GNUTLS, an implementation of the TLS/SSL protocol, handles verification of X.509 certificate chains incorrectly if a self-signed certificate is configured as a trusted certificate. This could cause clients to accept forged server certificates as genuine. (CVE-2008-4989) In addition, this update tightens the checks for X.509v1 certificates which causes GNUTLS to reject certain certificate chains it accepted before. (In certificate chain processing, GNUTLS does not recognize X.509v1 certificates as valid unless explicitly requested by the application.)
Family: unix Class: patch
Reference(s): DSA-1719
CVE-2008-4989
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): gnutls13
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6461
 
Oval ID: oval:org.mitre.oval:def:6461
Title: Debian GNU/Linux 4.0 is installed.
Description: Debian GNU/Linux 4.0 (etch) is installed
Family: unix Class: inventory
Reference(s): cpe:/o:debian:debian_gnu/linux:4.0
Version: 9
Platform(s): Debian GNU/Linux 4.0
Product(s):
Definition Synopsis:
Referenced By:
oval:org.mitre.oval:def:7938