CVE-2014-0092

Published: 03 March 2014

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Priority

Medium

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.12.23-12ubuntu2)
Patches:
Upstream: https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
gnutls28
Launchpad, Ubuntu, Debian
Upstream
Released (3.1.22,3.2.12)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.2.11-2ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [3.2.11-2ubuntu1])