[PC-BSD Testing] Serious safety bug GnuTLS-bug; is pcbsd effected by this ?

Hans Ruhe hansruhe1 at gmail.com
Thu Mar 6 00:18:06 PST 2014


Hello Kris and team,

I read this for Linux, but since BSD is using some elements of Linux, I
wondered if this bug is also the BSD distrobutions.

GNU TLS is a library which is taking care of SSL and TLS traffic and
abusing the bug makes it possible to tap off internettraffic and reroute.
The bug is taking (or rather not taking care) of that certain verification
checks are not taking place and that not valid certifications are being
validated as safe.

Can you investigate this ?  Fortunately the moment I read this, there is a
fix available, speaking of timing. But this bug seems to be around for
quite some time.

It is being advised to upgrade to version 3.2.12.

Best regards,
Hans
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pcbsd.org/pipermail/testing/attachments/20140306/840279d5/attachment.html>


More information about the Testing mailing list