FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GnuTLS -- multiple vulnerabilities

Affected packages
	gnutls	<	2.6.6
	gnutls-devel	<	2.7.8

Details

VuXML ID	b31a1088-460f-11de-a11a-0022156e8794
Discovery	2009-05-21
Entry	2009-08-17

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

A remote code-execution vulnerability.

A denial-of-service vulnerability.

A signature-generation vulnerability.

A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.

[source]

References

Bugtraq ID	34783
CVE Name	CVE-2009-1415
CVE Name	CVE-2009-1416
CVE Name	CVE-2009-1417
URL	http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
URL	http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
URL	http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517