SuSE9 Security Update : gnutls (YOU Patch Number 11228)
Medium Nessus Plugin ID 41101
SynopsisThe remote SuSE 9 host is missing a security-related patch.
DescriptionA security problem in the GNU TLS library has been found :
If an RSA key with exponent 3 is used, the PKCS padding gets removed before generating a hash, which allows remote attackers to forge a PKCS signature that apapears to be signed by that RSA key and prevents gnutls from correctly verifying the certificate.
This bug has been tracked by the Mitre CVE ID CVE-2006-4790.
SolutionApply YOU patch number 11228.