Ubuntu Security Notice

by
Share this Article: Facebook0Google+0Twitter0LinkedIn0Reddit0StumbleUpon0
Ubuntu Security Notice USN-678-2 December 09, 2008
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.4 Ubuntu 7.10: libgnutls13 1.6.3-1ubuntu0.3 Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.3 Ubuntu 8.10: libgnutls26 2.4.1-1ubuntu0.2
In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-678-1 fixed a vulnerability in GnuTLS.
The upstream patch introduced a regression when validating certain certificate chains that would report valid certificates as untrusted. This update fixes the problem. We apologize for the inconvenience.
Original advisory details: Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed.
If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. (CVE-2008-4989)
Source : www.ubuntu.com  (http://www.ubuntu.com/usn/usn-678-2)

{loadposition user9}

Related Articles By Tags:

{loadposition user1}

For questions please refer to our Q/A forum at : http://ask.unixmen.com/


Share this Article: Facebook0Google+0Twitter0LinkedIn0Reddit0StumbleUpon0