USN-2121-1: GnuTLS vulnerability

25 February 2014

GnuTLS incorrectly validated certain intermediate certificates.

Releases

Packages

  • gnutls26 - GNU TLS library

Details

Suman Jana discovered that GnuTLS incorrectly handled version 1
intermediate certificates. This resulted in them being considered to be a
valid CA certificate by default, which was contrary to documented
behaviour.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04

In general, a standard system update will make all the necessary changes.

References