Archived Content

In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
Alert

GnuTLS Releases Security Update

Last Revised

GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.

Many Linux distributions and other software which use GnuTLS are affected.

Updates available include:

  •  GnuTLS 2.12.x patch application
  •  GnuTLS 3.2.12 for the current stable branch
  •  GnuTLS 3.1.22 for the previous stable branch

Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 and apply the necessary updates to help mitigate the risk.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we welcome your feedback.