Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.GnuTLS Releases Security Update
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.
Many Linux distributions and other software which use GnuTLS are affected.
Updates available include:
- GnuTLS 2.12.x patch application
- GnuTLS 3.2.12 for the current stable branch
- GnuTLS 3.1.22 for the previous stable branch
Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 and apply the necessary updates to help mitigate the risk.
This product is provided subject to this Notification and this Privacy & Use policy.