Bugzilla – Bug 920366
VUL-1: CVE-2014-8155: gnutls: gnutls does not perform date/time checks on CA certificates.
Last modified: 2015-06-08 12:46:07 UTC
via rh#1197995

It was found that gnutls did not perform date/time checks on CA certificates. Applications compiled against gnutls will continue to assume that a certificate is valid, even though the CA certificate (which signed this certificate) has expired.

This issue was fixed in gnutls-2.9.10 via the following commit:
https://gitorious.org/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1197995
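The behaviour described in the report above, as an added example that is not part of the bug report and is not gnutls code: a simplified chain check with the CA date/time test switched off and on. The `Cert` model, the `verify` function, the sample names and dates are all constructed for illustration, signatures are not modelled, and the leaf's own validity period is assumed to be checked in both modes.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:
    """Constructed stand-in for an X.509 certificate: names and validity only."""
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

def in_validity(cert, now):
    return cert.not_before <= now <= cert.not_after

def verify(chain, anchors, now, check_ca_times=True):
    """Validate a leaf-first chain against anchors (subject -> trusted CA cert).

    Signature checks are out of scope for this model. check_ca_times=False
    reproduces the reported behaviour: CA validity periods are never consulted.
    """
    if not chain:
        return False, "empty chain"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject}: issuer not next in chain"
    root = anchors.get(chain[-1].issuer)
    if root is None:
        return False, f"{chain[-1].subject}: issuer not trusted"
    if not in_validity(chain[0], now):
        return False, f"{chain[0].subject}: outside validity period"
    if check_ca_times:
        # The step the report says was missing: every CA on the path,
        # including the trust anchor, must be inside its validity period.
        for ca in chain[1:] + [root]:
            if not in_validity(ca, now):
                return False, f"{ca.subject}: CA outside validity period"
    return True, "ok"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data: the root expires before the leaf does.
ROOT = Cert("Example Root CA", "Example Root CA", utc(2005, 1, 1), utc(2015, 1, 1))
LEAF = Cert("www.example.test", "Example Root CA", utc(2014, 6, 1), utc(2016, 6, 1))
ANCHORS = {ROOT.subject: ROOT}
NOW = utc(2015, 3, 1)

if __name__ == "__main__":
    print(verify([LEAF], ANCHORS, NOW, check_ca_times=False))
    print(verify([LEAF], ANCHORS, NOW))
```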
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-03-25. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61058
The gnutls 2.4.x release did not handle root CA expiry times, so we are not checking those in gnutls 2.4.x. The SSL root CA store on SLES is regularly updated, so old CAs are removed via online updates. So we currently do not plan to fix this problem for gnutls 2.4.x and older (SLE11 and older).
Releasing
I would leave it as is for now. Bug might have been incorrectly closed.