| Description: | The GnuTLS library provides support for cryptographic algorithms and forprotocols such as Transport Layer Security (TLS).It was discovered that GnuTLS did not correctly handle certain errors thatcould occur during the verification of an X.509 certificate, causing it toincorrectly report a successful verification. An attacker could use thisflaw to create a specially crafted certificate that could be accepted byGnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)A flaw was found in the way GnuTLS handled version 1 X.509 certificates.An attacker able to obtain a version 1 certificate from a trustedcertificate authority could use this flaw to issue certificates for othersites that would be accepted by GnuTLS as valid. (CVE-2009-5138)The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of theRed Hat Security Technologies Team.Users of GnuTLS are advised to upgrade to these updated packages, whichcorrect these issues. For the update to take effect, all applicationslinked to the GnuTLS library must be restarted. |