Advisories ยป MGASA-2014-0117

Updated gnutls packages fix security vulnerability

Publication date: 03 Mar 2014
Modification date: 03 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0092

Description

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092).
                

References

SRPMS

3/core

4/core