Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service. For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 2.12.23-16. We recommend that you upgrade your gnutls26 packages.
Joonas Kuorilehto discovered that GNU TLS performed insufficient validation of session IDs during TLS/SSL handshakes. A malicious server could use this to execute arbitrary code or perform denial of service.
For the stable distribution (wheezy), this problem has been fixed in version 2.12.20-8+deb7u2.
For the unstable distribution (sid), this problem has been fixed in version 2.12.23-16.
We recommend that you upgrade your gnutls26 packages.