CVE-2009-1416
Published: 30 April 2009
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.
Notes
Author | Note |
---|---|
jdstrand | from the advisory: GnuTLS 2.4.x and earlier did not contain the buggy code. |
Priority
Status
Package | Release | Status |
---|---|---|
gnutls11 (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable |
gnutls11 | hardy | Does not exist |
gnutls11 | intrepid | Does not exist |
gnutls11 | jaunty | Does not exist |
gnutls11 | upstream | Needs triage |
gnutls12 (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable |
gnutls12 | hardy | Does not exist |
gnutls12 | intrepid | Does not exist |
gnutls12 | jaunty | Does not exist |
gnutls12 | upstream | Needs triage |
gnutls13 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
gnutls13 | hardy | Not vulnerable |
gnutls13 | intrepid | Does not exist |
gnutls13 | jaunty | Does not exist |
gnutls13 | upstream | Needs triage |
gnutls26 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
gnutls26 | hardy | Does not exist |
gnutls26 | intrepid | Not vulnerable |
gnutls26 | jaunty | Not vulnerable |
gnutls26 | upstream | Released (2.6.6-1) |