Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2009-1416

Published: 30 April 2009

lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key.

Notes

AuthorNote
jdstrand 
from the advisory: GnuTLS 2.4.x and earlier did not contain the
buggy code.

Priority

Medium

Status

Package Release Status
gnutls11
Launchpad, Ubuntu, Debian 		dapper Not vulnerable

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Needs triage

gnutls12
Launchpad, Ubuntu, Debian 		dapper Not vulnerable

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

upstream Needs triage

gnutls13
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy Not vulnerable

intrepid Does not exist

jaunty Does not exist

upstream Needs triage

gnutls26
Launchpad, Ubuntu, Debian 		dapper Does not exist

hardy Does not exist

intrepid Not vulnerable

jaunty Not vulnerable

upstream
Released (2.6.6-1)

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading