GnuTLS vulnerability now fixed in many Linux distributions

Earlier this week, a new security vulnerability was discovered in the GnuTLS SSL/TLS library.
The vulnerability, indexed as CVE-2014-0092 or GNUTLS-SA-2014-2, affects the code responsible for verification of X.509 certificates and could potentially allow eavesdropping of encrypted network traffic.

The good news for Linux users and system administrators is that the problem has been resolved in GnuTLS version 3.2.12.
Fixes are already available for most enterprise and desktop Linux distributions, and patches have been published in the version 2.12.x git tree.
However, as both Ars Technica and Tom’s Guide have suggested, the vulnerability might affect more than just Linux servers and workstations.
As a matter of fact, any application or appliance relying on a pre-3.2.12 version of GnuTLS is vulnerable and will require an update.

Here’s a collection of related advisories for Linux distributions:



Red Hat


