ALAS-2014-301

Metadata

medium
5.8
gnutls
CVE-2014-0092
2014-03-06
2017-06-16 19:08
Important CentOS gnutls Update
CVE-2014-0092 gnutls26
CVE-2014-0092 gnutls28
CVE-2014-0092
2017-04-01 21:44
2017-01-05 20:04

Description

It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
gnutls gnutls-2.8.5-13.11.amzn1.i686
gnutls gnutls-2.8.5-13.11.amzn1.src
gnutls gnutls-2.8.5-13.11.amzn1.x86_64
gnutls-debuginfo gnutls-debuginfo-2.8.5-13.11.amzn1.x86_64
gnutls-debuginfo gnutls-debuginfo-2.8.5-13.11.amzn1.i686
gnutls-devel gnutls-devel-2.8.5-13.11.amzn1.i686
gnutls-devel gnutls-devel-2.8.5-13.11.amzn1.x86_64
gnutls-guile gnutls-guile-2.8.5-13.11.amzn1.x86_64
gnutls-guile gnutls-guile-2.8.5-13.11.amzn1.i686
gnutls-utils gnutls-utils-2.8.5-13.11.amzn1.i686
gnutls-utils gnutls-utils-2.8.5-13.11.amzn1.x86_64