Important: gnutls

Issue Overview: It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could ...

gnutls: fixed SSL certificate validation (critical)

The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not...

GnuTLS Goto Bug Different from Apple Goto Fail Bug

The similarities between the GnuTLS bug and Apple’s goto fail bug begin and end at their respective failure to verify TLS and SSL certificates. Otherwise, they’re neither siblings, nor distant cousins. The GnuTLS bug is very different, though like Apple’s infamous goto fail error, it will also...

gnutls: fixed SSL certificate validation problems (critical)

The gnutls library was updated to fixed x509 certificate validation problems, where man-in-the-middle attackers could hijack SSL connections. This update also reenables Elliptic Curve support to meet current day cryptographic requirements...

GnuTLS证书验证安全限制绕过漏洞

BUGTRAQ ID: 65919 CVECAN ID: CVE-2014-0092 GnuTLS是用于实现TLS加密协议的函数库。 GnuTLS 3.1.22, 3.2.12之前版本在实现上存在安全漏洞，X.509证书验证的错误处理不正确，可将故障证书标记为有效证书，这可使远程用户利用此漏洞绕过证书验证。 0 GnuTLS GnuTLS 3.2.12 GnuTLS GnuTLS 3.1.22 厂商补丁： GnuTLS ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://gnutls.org...

FreeBSD : gnutls -- multiple certificate verification issues (f645aa90-a3e8-11e3-a422-3c970e169bc2)

GnuTLS project reports : A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Suman Jana report...

GnuTLS Releases Security Update

GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks. Many Linux...

CentOS 6 : gnutls (CESA-2014:0246)

Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CentOS 5 : gnutls (CESA-2014:0247)

Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Check Point response to GnuTLS certificate verification vulnerability (CVE-2014-0092)

...

gnutls security update

CentOS Errata and Security Advisory CESA-2014:0246 Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...

gnutls security update

CentOS Errata and Security Advisory CESA-2014:0247 Updated gnutls packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

GnuTLS certificate verification security vulnerability found

GnuTLS, an open source SSL and TLS implementation used in hundreds of software packages including Red Hat desktop and server products and all Debian and Ubuntu Linux distributions, is the latest crypto package to improperly verify digital certificates as authentic. The vulnerability, discovered a...

USN-2127-1: GnuTLS vulnerability

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled certificate verification functions. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited with specially crafted certificates to view sensitive information...

[slackware-security] gnutls

New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/gnutls-3.1.22-i486-1slack14.1.txz: Upgraded. Fixed a security issue where a specially crafted certificate...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : gnutls (SSA:2014-062-01)

New gnutls packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-062-01. The text...

Oracle Linux 5 : gnutls (ELSA-2014-0247)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-0247 advisory. - fix issues of CVE-2014-0092 1069888 - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch 966754 Tenable has extracted the precedi...

RedHat Update for gnutls RHSA-2014:0246-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for gnutls RHSA-2014:0247-01

Check for the Version of gnutls OpenVAS Vulnerability Test RedHat Update for gnutls RHSA-2014:0247-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Scientific Linux Security Update : gnutls on SL6.x i386/x86_64 (20140303)

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by...