VyOS Platform Blog

GNUTLS-SA-2014-3

Written by Daniil Baturin | June 2, 2014 12:06:00 PM Z

A security issue in GnuTLS (GNUTLS-SA-2014-3) can cause client memory corruption if the server sends specially crafted ServerHello.

The only thing that uses GnuTLS in VyOS is apt-transport-https, so avoid installing packages from untrusted servers via HTTPS until the fix is available.

We are looking into including the fix in the next maintenance release.