Описание
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| lucid | released | 2.8.5-2ubuntu0.7 |
| precise | not-affected | 2.12.14-5ubuntu3.8 |
| trusty | not-affected | |
| trusty/esm | not-affected | |
| upstream | released | 2.9.10-1 |
| utopic | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| lucid | DNE | |
| precise | not-affected | 3.0.11-1ubuntu2 |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| utopic | not-affected |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
GnuTLS before 2.9.10 does not verify the activation and expiration dat ...
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid.
ELSA-2015-1457: gnutls security and bug fix update (MODERATE)
EPSS
4.3 Medium
CVSS2