Arch Linux Security Advisory ASA-201609-26 ========================================== Severity: Medium Date : 2016-09-26 CVE-ID : CVE-2016-7444 Package : lib32-gnutls Type : certificate verification bypass Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-gnutls before version 3.4.15-1 is vulnerable to certificate verification bypass. Resolution ========== Upgrade to 3.4.15-1. # pacman -Syu "lib32-gnutls>=3.4.15-1" The problem has been fixed upstream in version 3.4.15. Workaround ========== None. Description =========== Incorrect length validation on gnutls's gnutls_ocsp_resp_check_crt method can allow an attacker to use a OCSP response for a different certificate (but from the same CA) to continue using a revoked certificate. This can happen if the serial from the revoked certificate is a prefix of the other one, and the additional bytes happen to be equal on the system doing the verification. Impact ====== A remote attacker is able to bypass certificate verification and continue using a revoked certificate under certain circumstances. References ========== https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008146.html https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9 https://access.redhat.com/security/cve/CVE-2016-7444