Paketname
gnutls
Datum
2014-03-10
Advisory ID
MDVSA-2014:048
Betroffene Versionen
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problembeschreibung

Updated gnutls packages fix security vulnerability:

It was discovered that GnuTLS did not correctly handle certain errors
that could occur during the verification of an X.509 certificate,
causing it to incorrectly report a successful verification. An attacker
could use this flaw to create a specially crafted certificate that
could be accepted by GnuTLS as valid for a site chosen by the attacker
(CVE-2014-0092).

Aktualisierte Pakete

MES5 i586

 102f795d8475e9c9d6df72aeffd9213b  mes5/i586/gnutls-2.4.1-2.10mdvmes5.2.i586.rpm
 1f87f8bce0222e4bad7f098e9ae04467  mes5/i586/libgnutls26-2.4.1-2.10mdvmes5.2.i586.rpm
 c9bffc45aaddf198ccf185d130cd06c6  mes5/i586/libgnutls-devel-2.4.1-2.10mdvmes5.2.i586.rpm 
 c713dc5b541177d7ad289853a6be2869  mes5/SRPMS/gnutls-2.4.1-2.10mdvmes5.2.src.rpm

MBS1 x86_64

 53bb1704d26e27aeeeddfdcf093c28a3  mbs1/x86_64/gnutls-3.0.28-1.2.mbs1.x86_64.rpm
 9d87ba4210c47fd889e311cfddcbc0eb  mbs1/x86_64/lib64gnutls28-3.0.28-1.2.mbs1.x86_64.rpm
 3055076fd43b6a23e8ca36ca898e2378  mbs1/x86_64/lib64gnutls-devel-3.0.28-1.2.mbs1.x86_64.rpm
 6c7adf3386ec46df821457f8ed0962f0  mbs1/x86_64/lib64gnutls-ssl27-3.0.28-1.2.mbs1.x86_64.rpm 
 2399c9cd4b3b4eb1cd1ad82a2dbbc90e  mbs1/SRPMS/gnutls-3.0.28-1.2.mbs1.src.rpm

MES5 x86_64

 74cf2ef8f62b6695fb7e0302bbd05f21  mes5/x86_64/gnutls-2.4.1-2.10mdvmes5.2.x86_64.rpm
 1c915d2bfcadb6cb85ee2a80a3adf6ce  mes5/x86_64/lib64gnutls26-2.4.1-2.10mdvmes5.2.x86_64.rpm
 62d52e05b82032c7952f2dbf8e60482f  mes5/x86_64/lib64gnutls-devel-2.4.1-2.10mdvmes5.2.x86_64.rpm 
 c713dc5b541177d7ad289853a6be2869  mes5/SRPMS/gnutls-2.4.1-2.10mdvmes5.2.src.rpm

Referenzen