Lucene search

K
debianDebianDEBIAN:BSA-093:A4F27
HistoryFeb 22, 2014 - 2:11 p.m.

[BSA-093] Security Update for gnutls28

2014-02-2214:11:49
lists.debian.org
18

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.007

Percentile

79.5%

Andreas Metzler uploaded new packages for gnutls28 which fixed the
following security problems:

CVE-2014-1959 / DSA 2866-1 / GNUTLS-SA-2014-1
Suman Jana reported that GnuTLS, deviating from the documented
behavior considers a version 1 intermediate certificate as a CA
certificate by default.

For the testing distribution (jessie) and the unstable distribution
(sid), this problem has been fixed in gnutls26/2.12.23-12 and
gnutls28/3.2.11-1.

For the stable distribution this problem has been fixed in
gnutls26/2.12.20-8.

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.007

Percentile

79.5%