CVE-2009-2730

Published: 12 August 2009

libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
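
The class of flaw described above, shown as an added example that is not GnuTLS code or the upstream patch: a name field decoded from a certificate carries an explicit length, and comparing it as a C string stops at the first '\0'. The function names and the sample name are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample: a CN/SAN value as decoded from the certificate,
 * where the embedded '\0' is part of the data (30 bytes in total). */
static const char SAMPLE_CN[] = "www.example.com\0.constructed.invalid";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Flawed pattern: the decoded length is ignored and the field is treated
 * as a C string, so only the bytes before the first '\0' are compared. */
int name_matches_cstring(const char *name, size_t name_len, const char *host)
{
    (void)name_len;
    return strcasecmp(name, host) == 0;
}

/* Length-aware check: a name containing '\0' anywhere in its decoded
 * length is rejected outright, and the comparison covers every byte. */
int name_matches_checked(const char *name, size_t name_len, const char *host)
{
    if (memchr(name, '\0', name_len) != NULL)
        return 0;                       /* embedded NUL: never a valid hostname */
    if (name_len != strlen(host))
        return 0;                       /* lengths must agree before comparing */
    return strncasecmp(name, host, name_len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("C-string compare accepts:    %d\n",
           name_matches_cstring(SAMPLE_CN, SAMPLE_CN_LEN, host));
    printf("length-aware compare accepts: %d\n",
           name_matches_checked(SAMPLE_CN, SAMPLE_CN_LEN, host));
    return 0;
}
```

The hardened function handles exact-match names only; wildcard matching is left out to keep the NUL handling in focus.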

Notes

Author: jdstrand
Note: patches in order:
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?h=gnutls_2_8_x&id=a431be86124f900c4082e82d32917f86fcce461a
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?h=gnutls_2_8_x&id=74b6d92f9675ce4e03642c4d6ced4a3a614b07f6
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?h=gnutls_2_8_x&id=40081594e3de518b998f3e5177ed5a9f7707f2e8
http://git.savannah.gnu.org/cgit/gnutls.git/patch/?id=5a58e9d33448235377afd5fbfcee1683dc70eae3
http://git.savannah.gnu.org/cgit/gnutls.git/patch/?id=1ea190d216767dd4ab93b87361cbcb9d4fb3aafc

Priority

Medium

Status

Package / Release / Status

gnutls11 (Launchpad, Ubuntu, Debian)
  dapper: Ignored (end of life)
  hardy: Does not exist
  intrepid: Does not exist
  jaunty: Does not exist
  karmic: Does not exist
  upstream: Needs triage

gnutls12 (Launchpad, Ubuntu, Debian)
  dapper: Released (1.2.9-2ubuntu1.7)
  hardy: Does not exist
  intrepid: Does not exist
  jaunty: Does not exist
  karmic: Does not exist
  upstream: Needs triage

gnutls13 (Launchpad, Ubuntu, Debian)
  dapper: Does not exist
  hardy: Released (2.0.4-1ubuntu2.6)
  intrepid: Does not exist
  jaunty: Does not exist
  karmic: Does not exist
  upstream: Needs triage

gnutls26 (Launchpad, Ubuntu, Debian)
  dapper: Does not exist
  hardy: Does not exist
  intrepid: Released (2.4.1-1ubuntu0.4)
  jaunty: Released (2.4.2-6ubuntu0.1)
  karmic: Released (2.6.6-1ubuntu1)
  upstream: Released (2.8.3)
Patches:
upstream: http://lists.gnu.org/archive/html/help-gnutls/2009-08/msg00011.html