what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-210

Mandriva Linux Security Advisory 2009-210
Posted Aug 22, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-210 - A vulnerability have been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This update fixes this vulnerability.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2009-2730
SHA-256 | eadbf55cae152edc723e6474013dda54a57861be478774358cae28695bda3567
Download | Favorite | View

Mandriva Linux Security Advisory 2009-210

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:210
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gnutls
 Date    : August 20, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability have been discovered and corrected in GnuTLS
 before 2.8.2, which could allow man-in-the-middle attackers to spoof
 arbitrary SSL servers via a crafted certificate issued by a legitimate
 Certification Authority (CVE-2009-2730).
 
 This update fixes this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2730
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 8f25af9dcaefbf23e1ed7479a9611c13  2008.1/i586/gnutls-2.3.0-3.5mdv2008.1.i586.rpm
 2f53d53b692d78f0ee65afeb5393f1ae  2008.1/i586/libgnutls26-2.3.0-3.5mdv2008.1.i586.rpm
 3bc7b6ca54f3d8c0736966504d3d3eff  2008.1/i586/libgnutls-devel-2.3.0-3.5mdv2008.1.i586.rpm 
 27fab203d4f153b5c14b34547ba86d49  2008.1/SRPMS/gnutls-2.3.0-3.5mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 7404cec905b6adb5083953a50588e5e6  2008.1/x86_64/gnutls-2.3.0-3.5mdv2008.1.x86_64.rpm
 8d8b6532d22127ff20b5899716d7146b  2008.1/x86_64/lib64gnutls26-2.3.0-3.5mdv2008.1.x86_64.rpm
 aeaeed844fb7a7650906ebfaf178ff20  2008.1/x86_64/lib64gnutls-devel-2.3.0-3.5mdv2008.1.x86_64.rpm 
 27fab203d4f153b5c14b34547ba86d49  2008.1/SRPMS/gnutls-2.3.0-3.5mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 2855a45403f0a7292a469f8573476002  2009.0/i586/gnutls-2.4.1-2.5mdv2009.0.i586.rpm
 ebb2a3125ba6472a6a9b5c0fdab2adcd  2009.0/i586/libgnutls26-2.4.1-2.5mdv2009.0.i586.rpm
 d06b405f95ffb80522360d094ca6b957  2009.0/i586/libgnutls-devel-2.4.1-2.5mdv2009.0.i586.rpm 
 8ba44446f8da6e5882b136be9032530b  2009.0/SRPMS/gnutls-2.4.1-2.5mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 d1d6f6e9b23cfd422f92c96e70056bc9  2009.0/x86_64/gnutls-2.4.1-2.5mdv2009.0.x86_64.rpm
 31b1a501f3f733cb9e31c95fd4a13a30  2009.0/x86_64/lib64gnutls26-2.4.1-2.5mdv2009.0.x86_64.rpm
 e0768bff88400770bbf7fd439b3840f1  2009.0/x86_64/lib64gnutls-devel-2.4.1-2.5mdv2009.0.x86_64.rpm 
 8ba44446f8da6e5882b136be9032530b  2009.0/SRPMS/gnutls-2.4.1-2.5mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 bb9cb293b88cbee46796950fd2263d6d  2009.1/i586/gnutls-2.6.4-1.3mdv2009.1.i586.rpm
 03c6fedc1895aed56edef3d1d705c3d1  2009.1/i586/libgnutls26-2.6.4-1.3mdv2009.1.i586.rpm
 bab68af73a4824410b1f46a36723ba73  2009.1/i586/libgnutls-devel-2.6.4-1.3mdv2009.1.i586.rpm 
 3979e6cdf9461ddfe4bc281583dd3d16  2009.1/SRPMS/gnutls-2.6.4-1.3mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 9f07205b1ec7fe4a69ca5418643c2b9a  2009.1/x86_64/gnutls-2.6.4-1.3mdv2009.1.x86_64.rpm
 a71159cef93cfdf2ae80a37705ee9a7b  2009.1/x86_64/lib64gnutls26-2.6.4-1.3mdv2009.1.x86_64.rpm
 0fe993d2682745a7e4e3d46a2efe7c8e  2009.1/x86_64/lib64gnutls-devel-2.6.4-1.3mdv2009.1.x86_64.rpm 
 3979e6cdf9461ddfe4bc281583dd3d16  2009.1/SRPMS/gnutls-2.6.4-1.3mdv2009.1.src.rpm

 Corporate 4.0:
 09bedb546faeac75a452b763c27f9bf0  corporate/4.0/i586/gnutls-1.0.25-2.5.20060mlcs4.i586.rpm
 5e72278b5cd3c27088450471cc406fe6  corporate/4.0/i586/libgnutls11-1.0.25-2.5.20060mlcs4.i586.rpm
 cb0bb76ae2e66750076aebbd1c7cf2b7  corporate/4.0/i586/libgnutls11-devel-1.0.25-2.5.20060mlcs4.i586.rpm 
 b99927b8c06333d2fc3b025719a9aea3  corporate/4.0/SRPMS/gnutls-1.0.25-2.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 31d7f354bf1ad71f45330fea8550688b  corporate/4.0/x86_64/gnutls-1.0.25-2.5.20060mlcs4.x86_64.rpm
 7ea85fe5e8929334971aa3654e6167ac  corporate/4.0/x86_64/lib64gnutls11-1.0.25-2.5.20060mlcs4.x86_64.rpm
 e3bccba96d6cc7e1d3b2b9f942bc99a2  corporate/4.0/x86_64/lib64gnutls11-devel-1.0.25-2.5.20060mlcs4.x86_64.rpm 
 b99927b8c06333d2fc3b025719a9aea3  corporate/4.0/SRPMS/gnutls-1.0.25-2.5.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 8e389b0ba59e759989619a85e86d12e0  mes5/i586/gnutls-2.4.1-2.5mdvmes5.i586.rpm
 82b0a901986a76f14a62acf3fba7e4bd  mes5/i586/libgnutls26-2.4.1-2.5mdvmes5.i586.rpm
 dd145f04f76282c401a7360f69b04039  mes5/i586/libgnutls-devel-2.4.1-2.5mdvmes5.i586.rpm 
 6abb8ee215ea3e05ca1a296155d8fe3f  mes5/SRPMS/gnutls-2.4.1-2.5mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 e0170272a46d84626ac93c55c3afe0ac  mes5/x86_64/gnutls-2.4.1-2.5mdvmes5.x86_64.rpm
 1e376c29b842f9915a2b75396938fe26  mes5/x86_64/lib64gnutls26-2.4.1-2.5mdvmes5.x86_64.rpm
 43fb2ca23a17a052d54ebcbac35282ee  mes5/x86_64/lib64gnutls-devel-2.4.1-2.5mdvmes5.x86_64.rpm 
 6abb8ee215ea3e05ca1a296155d8fe3f  mes5/SRPMS/gnutls-2.4.1-2.5mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKjeggmqjQ0CJFipgRAuYNAKCHRb92bFh5h8ziPaXu7Y29yApbwQCfSTTo
AIYtlv2HLQO1sMVHErI8F5s=
=5TBi
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close