[Cryptography] GnuTLS -- time to look at the diff.

Tom Mitchell mitch at niftyegg.com
Tue Mar 4 17:04:40 EST 2014

GNUTLS-SA-2014-2CVE-2014-0092Certificate verification issue

A vulnerability was discovered that affects the certificate verification
functions of all gnutls versions. A specially crafted certificate could
bypass certificate validation checks. The vulnerability was discovered
during an audit of GnuTLS for Red Hat.

Who is affected by this attack?

Anyone using certificate authentication in any version of GnuTLS.

How to mitigate the attack?

Upgrade to the latest GnuTLS version (3.2.12 or 3.1.22), or apply the patch
for GnuTLS 2.12.x.


  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140304/8bd937ac/attachment.html>

More information about the cryptography mailing list