Advisories » MGASA-2014-0117

Updated gnutls packages fix security vulnerability

Publication date: 03 Mar 2014
Modification date: 03 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0092

Description

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12922
• http://gnutls.org/security.html#GNUTLS-SA-2014-2
• https://rhn.redhat.com/errata/RHSA-2014-0246.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092

SRPMS

4/core

• gnutls-3.2.7-1.2.mga4

3/core

• gnutls-3.1.16-1.2.mga3