From: Simon Josefsson Date: Thu, 6 Aug 2009 22:49:23 +0000 (+0200) Subject: Add. X-Git-Tag: gnutls_2_9_2~31^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09736ddeb3f85e2fcc143ff80c8ccfb9fe72e846;p=thirdparty%2Fgnutls.git Add. --- diff --git a/NEWS b/NEWS index 3bd3f83622..4a16ac7757 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,20 @@ See the end for copying conditions. * Version 2.9.2 (unreleased) +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Combined with the fact that some CAs +apparently have poor checking CN/SAN values and issue such (arguably +incorrect) certificates, it can be used by attackers to become a MITM +on server-authenticated TLS sessions. The problem is mitigated since +attackers needs to get one certificate per site they want to attack, +and the attacker reveals his tracks by applying for a certificate at +the CA. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger +for providing one part of the patch. [GNUTLS-SA-2009-4]. + ** minitasn1: Internal copy updated to libtasn1 v2.3. ** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.