Important: gnutls

2014-09-17T22:49:00
ID ALAS-2014-301
Type amazon
Reporter Amazon
Modified 2014-09-17T22:49:00

Description

Issue Overview:

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092 __)

Affected Packages:

gnutls

Issue Correction:
Run yum update gnutls to update your system.

New Packages:

i686:  
    gnutls-guile-2.8.5-13.11.amzn1.i686  
    gnutls-utils-2.8.5-13.11.amzn1.i686  
    gnutls-devel-2.8.5-13.11.amzn1.i686  
    gnutls-2.8.5-13.11.amzn1.i686  
    gnutls-debuginfo-2.8.5-13.11.amzn1.i686

src:  
    gnutls-2.8.5-13.11.amzn1.src

x86_64:  
    gnutls-2.8.5-13.11.amzn1.x86_64  
    gnutls-devel-2.8.5-13.11.amzn1.x86_64  
    gnutls-debuginfo-2.8.5-13.11.amzn1.x86_64  
    gnutls-guile-2.8.5-13.11.amzn1.x86_64  
    gnutls-utils-2.8.5-13.11.amzn1.x86_64