Launchpad.net

CVE 2014-0092

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Related bugs and status

CVE-2014-0092 (Candidate) is related to these bugs:

Bug #1308231: update and apt-get install -f fail to work.

Summary				In	Importance	Status
	1308231	update and apt-get install -f fail to work.		gnutls26 (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://gnutls.org/secu...
CONFIRM: https://bugzilla.redha...
DEBIAN: DSA-2869
REDHAT: RHSA-2014:0246
REDHAT: RHSA-2014:0247
SUSE: SUSE-SU-2014:0319
SUSE: SUSE-SU-2014:0321
SUSE: SUSE-SU-2014:0323
UBUNTU: USN-2127-1
SECUNIA: 56933
SECUNIA: 57103
SECUNIA: 57204
SUSE: SUSE-SU-2014:0320
SUSE: SUSE-SU-2014:0322
SUSE: SUSE-SU-2014:0324
SUSE: openSUSE-SU-2014:0325
SUSE: openSUSE-SU-2014:0328
SUSE: openSUSE-SU-2014:0346
REDHAT: RHSA-2014:0288
SECUNIA: 57254
SECUNIA: 57260
SECUNIA: 57274
SECUNIA: 57321
SUSE: SUSE-SU-2014:0445
REDHAT: RHSA-2014:0339
BID: 65919