CVE-2009-5138

Publication date 7 March 2014

Last updated 24 July 2024


Ubuntu priority

GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

Read the notes from the security team

Status

Package Ubuntu Release Status
gnutls26 13.10 saucy
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid
Not affected

Notes


mdeslaur

before 2.7.6 only