FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0092

This CVE name corresponds to:

Entered Topic
2014-03-04 gnutls -- multiple certificate verification issues

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2014-0092 at cve.mitre.org

Details

Type Candidate
Name CVE-2014-0092
Phase Assigned(20131203)

Description

lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

References

Source Reference
CONFIRM http://gnutls.org/security.html#GNUTLS-SA-2014-2
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1069865
DEBIAN DSA-2869
REDHAT RHSA-2014:0246
REDHAT RHSA-2014:0247
REDHAT RHSA-2014:0288
REDHAT RHSA-2014:0339
SUSE SUSE-SU-2014:0319
SUSE SUSE-SU-2014:0321
SUSE SUSE-SU-2014:0323
SUSE SUSE-SU-2014:0320
SUSE SUSE-SU-2014:0322
SUSE SUSE-SU-2014:0324
SUSE openSUSE-SU-2014:0325
SUSE openSUSE-SU-2014:0328
SUSE openSUSE-SU-2014:0346
SUSE SUSE-SU-2014:0445
UBUNTU USN-2127-1
SECUNIA 56933
SECUNIA 57103
SECUNIA 57204
SECUNIA 57254
SECUNIA 57260
SECUNIA 57274
SECUNIA 57321

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.