Tuesday, March 4, 2014

USN-2127-1: GnuTLS vulnerability

Ubuntu Security Notice USN-2127-1


4th March, 2014


gnutls26 vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 13.10

  • Ubuntu 12.10

  • Ubuntu 12.04 LTS

  • Ubuntu 10.04 LTS


Summary


Fraudulent security certificates could allow sensitive information to be exposed when accessing the Internet.


Software description



  • gnutls26 - GNU TLS library


Details


Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly handled

certificate verification functions. If a remote attacker were able to

perform a man-in-the-middle attack, this flaw could be exploited with

specially crafted certificates to view sensitive information.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 13.10:

libgnutls26 2.12.23-1ubuntu4.2

Ubuntu 12.10:

libgnutls26 2.12.14-5ubuntu4.6

Ubuntu 12.04 LTS:

libgnutls26 2.12.14-5ubuntu3.7

Ubuntu 10.04 LTS:

libgnutls26 2.8.5-2ubuntu0.5


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


In general, a standard system update will make all the necessary changes.


References


CVE-2014-0092






via Ubuntu Security Notices http://bit.ly/1f1lCjq
Posted by at
Labels: ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)