GnuTLS Releases Security Update

["US-CERT" <US-CERT () ncas us-cert gov>]

NCCIC / US-CERT

National Cyber Awareness System:

GnuTLS Releases Security Update [ 
https://www.us-cert.gov/ncas/current-activity/2014/03/05/GnuTLS-Releases-Security-Update ] 03/05/2014 11:56 AM EST 
Original release date: March 05, 2014

GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An 
attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites 
or services, and perform man-in-the-middle attacks.

Many Linux distributions and other software which use GnuTLS are affected.

Updates available include:


  *  GnuTLS 2.12.x patch application 
  *  GnuTLS 3.2.12 for the current stable branch 
  *  GnuTLS 3.1.22 for the previous stable branch 

Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 [ 
http://www.gnutls.org/security.htmlGNUTLS-SA-2014-2 ] and apply the necessary updates to help mitigate the risk.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]