gnutls

• Author: kikadf
• Vulnerable: 2.12.17-2arcturus1
• Unaffected: 2.12.17-2arcturus2

Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3466