PublicDateAtUSN: 2014-02-21
Candidate: CVE-2014-1959
PublicDate: 2014-03-07 00:10:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
 https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d18
 http://gnutls.org/security.html
 https://ubuntu.com/security/notices/USN-2121-1
Description:
 lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats
 version 1 X.509 certificates as intermediate CAs, which allows remote
 attackers to bypass intended restrictions by leveraging a X.509 V1
 certificate from a trusted CA to issue new certificates.
Ubuntu-Description:
Notes:
 mdeslaur> introduced by:
 mdeslaur> https://www.gitorious.org/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1959
Priority: medium
Discovered-by: Suman Jana
Assigned-to: mdeslaur
CVSS: 

Patches_gnutls26:
 upstream: https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c
upstream_gnutls26: released (2.12.23-12)
lucid_gnutls26: not-affected (2.8.5-2ubuntu0.4)
precise_gnutls26: released (2.12.14-5ubuntu3.6)
precise/esm_gnutls26: released (2.12.14-5ubuntu3.6)
quantal_gnutls26: released (2.12.14-5ubuntu4.5)
saucy_gnutls26: released (2.12.23-1ubuntu4.1)
trusty_gnutls26: released (2.12.23-1ubuntu6)
trusty/esm_gnutls26: released (2.12.23-1ubuntu6)
utopic_gnutls26: released (2.12.23-1ubuntu6)
vivid_gnutls26: DNE
vivid/stable-phone-overlay_gnutls26: DNE
vivid/ubuntu-core_gnutls26: DNE
wily_gnutls26: DNE
xenial_gnutls26: DNE
yakkety_gnutls26: DNE
zesty_gnutls26: DNE
devel_gnutls26: DNE

Patches_gnutls28:
 upstream: https://www.gitorious.org/gnutls/gnutls/commit/b1abfe3d182d68539900092eb42fc62cf1bb7e7c
upstream_gnutls28: released (3.2.11-1)
lucid_gnutls28: DNE
precise_gnutls28: ignored (reached end-of-life)
precise/esm_gnutls28: DNE (precise was needed)
quantal_gnutls28: ignored (reached end-of-life)
saucy_gnutls28: ignored (reached end-of-life)
trusty_gnutls28: not-affected (3.2.11-2ubuntu1)
trusty/esm_gnutls28: DNE (trusty was not-affected [3.2.11-2ubuntu1])
utopic_gnutls28: not-affected (3.2.11-2ubuntu1)
vivid_gnutls28: not-affected (3.2.11-2ubuntu1)
vivid/stable-phone-overlay_gnutls28: not-affected (3.2.11-2ubuntu1)
vivid/ubuntu-core_gnutls28: not-affected (3.2.11-2ubuntu1)
wily_gnutls28: not-affected (3.2.11-2ubuntu1)
xenial_gnutls28: not-affected (3.2.11-2ubuntu1)
esm-infra/xenial_gnutls28: not-affected (3.2.11-2ubuntu1)
yakkety_gnutls28: not-affected (3.2.11-2ubuntu1)
zesty_gnutls28: not-affected (3.2.11-2ubuntu1)
devel_gnutls28: not-affected (3.2.11-2ubuntu1)