Debian Security Advisory
DLA-0001-1 gnutls26 -- LTS security update
- Date Reported: 02 Jun 2014
- Affected Packages: gnutls26
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2014-3466.
- More information:
Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or cause a denial of service.
For Debian 6 "Squeeze", these issues have been fixed in gnutls26 version 2.8.6-1+squeeze4.
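As an added illustration of the kind of session ID validation the advisory refers to (this is not GnuTLS code and not the Debian patch), the following C parser reads the session ID from a ServerHello body and checks every peer-supplied length before copying. The function names, return codes and sample builder are hypothetical; the field layout and the 32-byte maximum come from the `SessionID<0..32>` definition in RFC 5246.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSION_ID_SIZE 32        /* RFC 5246: opaque SessionID<0..32> */
#define HELLO_FIXED_PREFIX  (2 + 32)  /* server_version + random */
enum { SH_OK = 0, SH_TRUNCATED = -1, SH_BAD_SESSION_ID_LEN = -2 };

/* Copy the session ID out of a ServerHello body (the bytes after the
 * 4-byte handshake header). Each length is checked before it is used. */
int server_hello_session_id(const uint8_t *body, size_t body_len,
                            uint8_t out[MAX_SESSION_ID_SIZE], size_t *out_len)
{
    size_t pos = HELLO_FIXED_PREFIX, sid_len;
    if (body_len < pos + 1)
        return SH_TRUNCATED;
    sid_len = body[pos++];             /* peer-controlled, 0..255 */
    if (sid_len > MAX_SESSION_ID_SIZE) /* reject before any copy */
        return SH_BAD_SESSION_ID_LEN;
    /* session ID + cipher_suite (2) + compression_method (1) must fit */
    if (body_len - pos < sid_len + 3)
        return SH_TRUNCATED;
    memcpy(out, body + pos, sid_len);
    *out_len = sid_len;
    return SH_OK;
}

/* Constructed sample: length byte says `claimed`, `present` bytes follow. */
size_t build_sample(uint8_t *buf, uint8_t claimed, size_t present)
{
    size_t n = 0;
    buf[n++] = 0x03; buf[n++] = 0x01;   /* server_version: TLS 1.0 */
    memset(buf + n, 0xAA, 32); n += 32; /* random */
    buf[n++] = claimed;
    memset(buf + n, 0x5C, present); n += present;
    buf[n++] = 0x00; buf[n++] = 0x2F;   /* cipher_suite */
    buf[n++] = 0x00;                    /* compression_method: null */
    return n;
}

int main(void)
{
    uint8_t buf[512], sid[MAX_SESSION_ID_SIZE];
    size_t len = 0;
    printf("valid=%d ", server_hello_session_id(buf, build_sample(buf, 32, 32), sid, &len));
    printf("oversized=%d\n", server_hello_session_id(buf, build_sample(buf, 200, 200), sid, &len));
    return 0;
}
```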