Date: Tue, 25 Feb 2014 22:00:16 +0100
From: Tomas Hoger <>
Subject: Re: Re: CVE Request - GnuTLS corrects flaw in
 certificate verification (3.1.x/3.2.x)

On Thu, 13 Feb 2014 15:30:53 -0500 (EST) wrote:

> >
> > GNUTLS-SA-2014-1
> >
> Use CVE-2014-1959.

GnuTLS versions before 2.7.6 contained a different bug that caused GnuTLS
to accept V1 intermediate CAs by default, while no V1 CAs were meant to
be accepted unless GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT verification flags were used.

This should get a separate CVE.

Tomas Hoger / Red Hat Security Response Team
