DSA-2869-1 gnutls26 -- incorrect certificate verificationID: oval:org.secpod.oval:def:601223 | Date: (C)2014-03-05 (M)2024-02-19 |
Class: PATCH | Family: unix |
Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported sucessfully even in cases were an error would prevent all verification steps to be performed. An attacker doing a man-in-the-middle of a TLS connection could use this vulnerability to present a carefully crafted certificate that would be accepted by GnuTLS as valid even if not signed by one of the trusted authorities.
Platform: |
Debian 7.0 |
Debian 6.0 |