{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>Les versions de <SPAN class=\n  \"textit\">GnuTLS</SPAN> ant\u00e9rieures \u00e0 la 2.6.2.</p>","content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le traitement des certificats X.509 permettant\nd'utiliser un nom arbitraire a \u00e9t\u00e9 corrig\u00e9e dans la version 2.6.1. Cette\nderni\u00e8re a \u00e9t\u00e9 remplac\u00e9e par la 2.6.2 car elle souffrait d'un d\u00e9faut\nlors du traitement des certificats auto-sign\u00e9s qui provoquait des arr\u00eats\ninopin\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2008-4989","url":"https://www.cve.org/CVERecord?id=CVE-2008-4989"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-678-2 du 10 d\u00e9cembre 2008 :","url":"http://www.ubuntu.com/usn/usn-678-2"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2008-9530 du 12 novembre    2008 :","url":"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00222.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0982 du 11 novembre    2008 :","url":"http://rhn.redhat.com/errata/RHSA-2008-0982.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-678-1 du 26 novembre 2008 :","url":"http://www.ubuntu.com/usn/usn-678-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1719 du 10 f\u00e9vrier 2009 :","url":"http://www.debian.org/security/2009/dsa-1719"},{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200901-10 du 14 janvier    2009 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200901-10.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Sun 260528 du 10 juin 2009 :","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-260528-1"},{"title":"D\u00e9tails de la mise \u00e0 jour 2.6.2 de GnuTLS :","url":"http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3248"},{"title":"Bulletin de s\u00e9curit\u00e9 SuSE SuSE-SR:2008:027 du 09 d\u00e9cembre    2008 :","url":"http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2008-9600 du 12 novembre    2008 :","url":"https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00293.html"}],"reference":"CERTA-2008-AVI-556","revisions":[{"description":"version initiale.","revision_date":"2008-11-14T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Gentoo, Debian, Red Hat, SuSE et Ubuntu.","revision_date":"2009-03-06T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Fedora et Sun.","revision_date":"2009-06-17T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans le traitement des certificats X.509 a \u00e9t\u00e9\ncorrig\u00e9e.\n","title":"Vuln\u00e9rabilit\u00e9 dans GnuTLS","vendor_advisories":[{"published_at":null,"title":"Bulletin de mise \u00e0 jour 2.6.2 du 12 novembre 2008","url":null}]}