gnutls: security update
The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not.
Also the TLS-CBC timing attack vulnerability was fixed.
- Submitted by Stefan Lijewski (lijews)
Fixed bugs
bnc#865804
VUL-0: CVE-2014-0092: gnutls: insufficient X.509 certificate verification