Debian Security Advisory

DSA-2866-1 gnutls26 -- certificate verification flaw

Date Reported:
22 Feb 2014
Affected Packages:
gnutls26
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-1959.
More information:

Suman Jana reported that GnuTLS, deviating from the documented behavior, considers a version 1 intermediate certificate as a CA certificate by default.

The oldstable distribution (squeeze) is not affected by this problem as X.509 version 1 trusted CA certificates are not allowed by default.

For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8.

For the testing distribution (jessie) and the unstable distribution (sid), this problem has been fixed in version 2.12.23-12.

We recommend that you upgrade your gnutls26 packages.