Updated gnutls packages fix security vulnerability
Publication date: 03 Mar 2014Modification date: 03 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0092
Description
It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker (CVE-2014-0092).
References
SRPMS
3/core
- gnutls-3.1.16-1.2.mga3
4/core
- gnutls-3.2.7-1.2.mga4