[SingCERT] GnuTLS Certificate Processing Flaw May Let Remote Users Bypass Certificate Validation

Published on Wednesday, 05 March 2014 10:16

[ Summary ]

A vulnerability was discovered that affects the certificate verification functions of all GnuTLS versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.

 

[ Affected Software ] 

  • All software using certificate authentication in earlier versions of GnuTLS.


[ Call to Action ]

Patched versions of GnuTLS are available (3.2.12 or 3.1.22). Alternatively, apply the patch for GnuTLS 2.12.x.

  • Upgrade
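
To triage hosts against the fixed releases listed above, the following added example (not part of the SingCERT advisory or of GnuTLS) classifies a version string. The function name, the result labels and the sample version strings are assumptions made for this example; a 2.12.x build is reported as verify-patch because that fix is a source patch and does not change the version number.

```sh
#!/bin/sh
# Added example: triage a GnuTLS version string against the fixes named in
# this advisory (releases 3.2.12 and 3.1.22, plus a source patch for 2.12.x).
# Prints one of: patched | vulnerable | verify-patch | unlisted | invalid
classify_gnutls() {
    # Drop any packaging suffix, e.g. "2.12.23-12ubuntu2" (constructed) -> "2.12.23".
    core=${1%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $core                      # split MAJOR.MINOR.PATCH on dots
    IFS=$old_ifs
    major=${1:-}; minor=${2:-}; patch=${3:-}
    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$patch" ]; then
        echo invalid; return 0
    fi
    case "$major.$minor" in
        3.2)  fixed=12 ;;
        3.1)  fixed=22 ;;
        2.12) # Fixed by a patch, so the version string cannot prove anything.
              echo verify-patch; return 0 ;;
        *)    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -gt 2 ]; }; then
                  # Branch newer than any the advisory mentions.
                  echo unlisted
              else
                  # Advisory: all versions affected; no fix listed for this branch.
                  echo vulnerable
              fi
              return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Classify each version given on the command line, for example:
#   sh check_gnutls.sh "$(pkg-config --modversion gnutls)"
for v in "$@"; do
    printf '%s\t%s\n' "$v" "$(classify_gnutls "$v")"
done
```

Distribution packages may carry the fix under an older version number, so treat a vulnerable or verify-patch result as a prompt to check the package changelog rather than as proof.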

 

[ Reference ]