Advisories » MGASA-2014-0077

Updated gnutls packages fix security vulnerability

Publication date: 16 Feb 2014
Modification date: 16 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1959

Description

Suman Jana reported a vulnerability that affects the certificate verification
functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate
certificate will be considered as a CA certificate by default (something that
deviates from the documented behavior) (CVE-2014-1959).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12763
• http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959

SRPMS

3/core

• gnutls-3.1.16-1.1.mga3

4/core

• gnutls-3.2.7-1.1.mga4