Bug in GnuTLS discovered on CentOS Linux - Update your GnuTLS pkg now!

Bug in GnuTLS library discovered – allows attackers to bypass SSL trivially – update your GnuTLS now!

Posted by Curtis K in Administration, CentOS 6, News, Security, Security Alerts Mar, 05 2014 2 Comments

What is the GnuTLS bug?

Red Hat has discovered a bug in the GnuTLS (GNU Transport Layer Security) package that may allow attackers to trivially bypass SSL (CVE-2014-0092). RHEL, CentOS, Debian and other popular Linux distributions are susceptible to potential eavesdropping due to this bug.

What version of GnuTLS is affected?

At this point it is known that package version gnutls-2.8.5-10 and below are affected.

How do I update this package?

To update this package, run the following command:

yum update gnutls

The patched version is gnutls-2.8.5-13 (and onwards).

Further Information

For more information, see the official RHEL update message.

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!