Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2010-0166

Опубликовано: 25 мар. 2010
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2010-0166: gnutls security update (MODERATE)

[1.4.1-3.8]

  • fix safe renegotiation on SSL3 protocol

[1.4.1-3.7]

  • implement safe renegotiation - CVE-2009-3555 (#533125)
  • do not allow MD2 in certificate signatures by default - CVE-2009-2409 (#510197)

Обновленные пакеты

Oracle Linux 5

Oracle Linux ia64

gnutls

1.4.1-3.el5_4.8

gnutls-devel

1.4.1-3.el5_4.8

gnutls-utils

1.4.1-3.el5_4.8

Oracle Linux x86_64

gnutls

1.4.1-3.el5_4.8

gnutls-devel

1.4.1-3.el5_4.8

gnutls-utils

1.4.1-3.el5_4.8

Oracle Linux i386

gnutls

1.4.1-3.el5_4.8

gnutls-devel

1.4.1-3.el5_4.8

gnutls-utils

1.4.1-3.el5_4.8

Связанные CVE

CVE-2009-3555
CVE-2009-2409

Ссылки на источники

Связанные уязвимости

fstec логотип

BDU:2015-09404

fstec
больше 15 лет назад

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить целостность и доступность защищаемой информации

ubuntu логотип

CVE-2009-2409

ubuntu
почти 16 лет назад

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

redhat логотип

CVE-2009-2409

redhat
почти 16 лет назад

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

nvd логотип

CVE-2009-2409

nvd
почти 16 лет назад

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.

debian логотип

CVE-2009-2409

debian
почти 16 лет назад

The Network Security Services (NSS) library before 3.12.3, as used in ...