Referenced CVEs:
CVE-2008-4989
Description:
===========================================================Ubuntu Security Notice USN-678-1 November 26, 2008gnutls12, gnutls13, gnutls26 vulnerabilityCVE-2008-4989===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libgnutls12 1.2.9-2ubuntu1.3Ubuntu 7.10: libgnutls13 1.6.3-1ubuntu0.2Ubuntu 8.04 LTS: libgnutls13 2.0.4-1ubuntu2.2Ubuntu 8.10: libgnutls26 2.4.1-1ubuntu0.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Martin von Gagern discovered that GnuTLS did not properly verify certificatechains when the last certificate in the chain was self-signed. If a remoteattacker were able to perform a man-in-the-middle attack, this flaw could beexploited to view sensitive information. (CVE-2008-4989)
More...