U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

GnuTLS Releases Security Update

Original release date: March 05, 2014

GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.

Many Linux distributions and other software which use GnuTLS are affected.

Updates available include:

  •  GnuTLS 2.12.x patch application
  •  GnuTLS 3.2.12 for the current stable branch
  •  GnuTLS 3.1.22 for the previous stable branch

Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 and apply the necessary updates to help mitigate the risk.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top