FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- multiple certificate verification issues

Affected packages
gnutls < 2.12.23_4
linux-f10-gnutls < 2.12.23_4
gnutls-devel < 3.1.22
3.2.0 < gnutls-devel < 3.2.12
gnutls3 < 3.1.22
3.2.0 < gnutls3 < 3.2.12

Details

VuXML ID f645aa90-a3e8-11e3-a422-3c970e169bc2
Discovery 2014-03-03
Entry 2014-03-04
Modified 2014-04-30

GnuTLS project reports:

A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior).

References

CVE Name CVE-2014-0092
CVE Name CVE-2014-1959
URL http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
URL http://www.gnutls.org/security.html#GNUTLS-SA-2014-2