
[ASA-201609-26] lib32-gnutls: certificate verification bypass
Arch Linux Security Advisory ASA-201609-26
==========================================

Severity: Medium
Date    : 2016-09-26
CVE-ID  : CVE-2016-7444
Package : lib32-gnutls
Type    : certificate verification bypass
Remote  : Yes
Link    :

Summary
=======

The package lib32-gnutls before version 3.4.15-1 is vulnerable to
certificate verification bypass.

Resolution
==========

Upgrade to 3.4.15-1.

# pacman -Syu "lib32-gnutls>=3.4.15-1"

The problem has been fixed upstream in version 3.4.15.

Workaround
==========

None.

Description
===========

Incorrect length validation in GnuTLS's gnutls_ocsp_resp_check_crt function
can allow an attacker to use an OCSP response issued for a different
certificate (but from the same CA) to continue using a revoked certificate.
This can happen if the serial number of the revoked certificate is a prefix
of the other certificate's serial number, and the additional bytes happen to
be equal on the system doing the verification.

Impact
======

A remote attacker is able to bypass certificate verification and continue
using a revoked certificate under certain circumstances.

References
==========
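The Description above comes down to a serial-number comparison that never checks that both serials have the same length. The following is an added illustration, not GnuTLS code: it models the flawed prefix-only comparison next to a hardened one that compares lengths first, using constructed serial values (the exact buffer handling in the original GnuTLS code is an assumption here; the advisory only states that the length validation was incorrect).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A DER INTEGER serial modelled as a length-prefixed byte buffer. */
typedef struct {
    const uint8_t *data;
    size_t size;
} serial_t;

/* Flawed comparison of the kind the advisory describes: only the bytes
 * covered by the certificate's serial are compared, so a certificate
 * whose serial is a prefix of the serial in the OCSP response is
 * treated as the subject of that response. */
bool serial_matches_flawed(serial_t resp, serial_t cert)
{
    if (cert.size > resp.size)
        return false;
    return memcmp(resp.data, cert.data, cert.size) == 0;
}

/* Hardened comparison: the lengths must agree before any bytes are
 * compared, so a prefix relationship is no longer a match. */
bool serial_matches_fixed(serial_t resp, serial_t cert)
{
    if (resp.size != cert.size)
        return false;
    return memcmp(resp.data, cert.data, cert.size) == 0;
}

/* Constructed sample data: the revoked certificate's serial is a prefix
 * of the serial in a "good" OCSP response for a sibling certificate. */
static const uint8_t REVOKED_SERIAL[]  = {0x01, 0x02, 0x03};
static const uint8_t RESPONSE_SERIAL[] = {0x01, 0x02, 0x03, 0x04};

/* Returns 1 if the flawed check accepts the sibling's response for the
 * revoked certificate (it does), 0 otherwise. */
int flawed_accepts_sibling_response(void)
{
    serial_t resp = { RESPONSE_SERIAL, sizeof RESPONSE_SERIAL };
    serial_t cert = { REVOKED_SERIAL,  sizeof REVOKED_SERIAL };
    return serial_matches_flawed(resp, cert) ? 1 : 0;
}

/* Returns 1 if the fixed check accepts it (it does not), 0 otherwise. */
int fixed_accepts_sibling_response(void)
{
    serial_t resp = { RESPONSE_SERIAL, sizeof RESPONSE_SERIAL };
    serial_t cert = { REVOKED_SERIAL,  sizeof REVOKED_SERIAL };
    return serial_matches_fixed(resp, cert) ? 1 : 0;
}
```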