6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Joonas Kuorilehto discovered that GNU TLS performed insufficient
validation of session IDs during TLS/SSL handshakes. A malicious server
could use this to execute arbitrary code or perform denial of service.
For the stable distribution (wheezy), this problem has been fixed in
version 2.12.20-8+deb7u2.
For the unstable distribution (sid), this problem has been fixed in
version 2.12.23-16.
We recommend that you upgrade your gnutls26 packages.