GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.
Many Linux distributions and other software which use GnuTLS are affected.
Updates available include:
Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and apply the update.
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution.
US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary updates.