Test ID:	1.3.6.1.4.1.25623.1.0.702869
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2869-1)
Summary:	The remote host is missing an update for the Debian 'gnutls26' package(s) announced via the DSA-2869-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'gnutls26' package(s) announced via the DSA-2869-1 advisory. Vulnerability Insight: Nikos Mavrogiannopoulos of Red Hat discovered an X.509 certificate verification issue in GnuTLS, an SSL/TLS library. A certificate validation could be reported successfully even in cases were an error would prevent all verification steps to be performed. An attacker doing a man-in-the-middle of a TLS connection could use this vulnerability to present a carefully crafted certificate that would be accepted by GnuTLS as valid even if not signed by one of the trusted authorities. For the oldstable distribution (squeeze), this problem has been fixed in version 2.8.6-1+squeeze3. For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 2.12.23-13. For the unstable distribution (sid), this problem has been fixed in version 2.12.23-13. We recommend that you upgrade your gnutls26 packages. Affected Software/OS: 'gnutls26' package(s) on Debian 6, Debian 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0092 BugTraq ID: 65919 http://www.securityfocus.com/bid/65919 Debian Security Information: DSA-2869 (Google Search) http://www.debian.org/security/2014/dsa-2869 RedHat Security Advisories: RHSA-2014:0246 http://rhn.redhat.com/errata/RHSA-2014-0246.html RedHat Security Advisories: RHSA-2014:0247 http://rhn.redhat.com/errata/RHSA-2014-0247.html RedHat Security Advisories: RHSA-2014:0288 http://rhn.redhat.com/errata/RHSA-2014-0288.html RedHat Security Advisories: RHSA-2014:0339 http://rhn.redhat.com/errata/RHSA-2014-0339.html http://secunia.com/advisories/56933 http://secunia.com/advisories/57103 http://secunia.com/advisories/57204 http://secunia.com/advisories/57254 http://secunia.com/advisories/57260 http://secunia.com/advisories/57274 http://secunia.com/advisories/57321 SuSE Security Announcement: SUSE-SU-2014:0319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html SuSE Security Announcement: SUSE-SU-2014:0320 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html SuSE Security Announcement: SUSE-SU-2014:0321 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00002.html SuSE Security Announcement: SUSE-SU-2014:0322 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html SuSE Security Announcement: SUSE-SU-2014:0323 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00004.html SuSE Security Announcement: SUSE-SU-2014:0324 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00005.html SuSE Security Announcement: SUSE-SU-2014:0445 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html SuSE Security Announcement: openSUSE-SU-2014:0325 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00006.html SuSE Security Announcement: openSUSE-SU-2014:0328 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00007.html SuSE Security Announcement: openSUSE-SU-2014:0346 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html http://www.ubuntu.com/usn/USN-2127-1
Copyright	Copyright (C) 2014 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.