Debian Security Advisory

DLA-0001-1 gnutls26 -- LTS security update

Date Reported:
02 Jun 2014
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2014-3466.
More information:

Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial or service.

For Debian 6 Squeeze, these issues have been fixed in gnutls26 version 2.8.6-1+squeeze4