CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
79.5%
Andreas Metzler uploaded new packages for gnutls28 which fixed the
following security problems:
CVE-2014-1959 / DSA 2866-1 / GNUTLS-SA-2014-1
Suman Jana reported that GnuTLS, deviating from the documented
behavior considers a version 1 intermediate certificate as a CA
certificate by default.
For the testing distribution (jessie) and the unstable distribution
(sid), this problem has been fixed in gnutls26/2.12.23-12 and
gnutls28/3.2.11-1.
For the stable distribution this problem has been fixed in
gnutls26/2.12.20-8.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | mips | gnutls-bin | < 3.0.22-3+really2.12.20-8 | gnutls-bin_3.0.22-3+really2.12.20-8_mips.deb |
Debian | 7 | mipsel | libgnutlsxx27 | < 2.12.20-8 | libgnutlsxx27_2.12.20-8_mipsel.deb |
Debian | 7 | kfreebsd-i386 | libgnutls-openssl27 | < 2.12.20-8 | libgnutls-openssl27_2.12.20-8_kfreebsd-i386.deb |
Debian | 7 | ia64 | gnutls-bin | < 3.0.22-3+really2.12.20-8 | gnutls-bin_3.0.22-3+really2.12.20-8_ia64.deb |
Debian | 7 | powerpc | libgnutlsxx27 | < 2.12.20-8 | libgnutlsxx27_2.12.20-8_powerpc.deb |
Debian | 7 | kfreebsd-i386 | gnutls-bin | < 3.0.22-3+really2.12.20-8 | gnutls-bin_3.0.22-3+really2.12.20-8_kfreebsd-i386.deb |
Debian | 7 | i386 | libgnutlsxx27 | < 2.12.20-8 | libgnutlsxx27_2.12.20-8_i386.deb |
Debian | 7 | amd64 | gnutls-bin | < 3.0.22-3+really2.12.20-8 | gnutls-bin_3.0.22-3+really2.12.20-8_amd64.deb |
Debian | 7 | kfreebsd-amd64 | libgnutlsxx27 | < 2.12.20-8 | libgnutlsxx27_2.12.20-8_kfreebsd-amd64.deb |
Debian | 7 | s390x | libgnutls-openssl27 | < 2.12.20-8 | libgnutls-openssl27_2.12.20-8_s390x.deb |