USN-678-1 fixed a vulnerability in GnuTLS. The upstream patch introduced a
regression when validating certain certificate chains that would report valid
certificates as untrusted. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Martin von Gagern discovered that GnuTLS did not properly verify certificate
chains when the last certificate in the chain was self-signed. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could be
exploited to view sensitive information. (CVE-2008-4989)