[Users] Import security update for Win32
Colin Leroy
colin at colino.net
Wed Mar 5 15:38:07 CET 2014
Hi,
Following a rather important vulnerability fix in GnuTLS
(CVE-2014-0092), I have updated the Windows port to a fixed GnuTLS.
The updated installer is available at http://www.claws-mail.org/win32/
as usual.
Concerning the vulnerability, it is described at
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
It resembles the recent SSL vulnerability found in Apple products,
allowing certificate validation to be bypassed.
It could be used, by someone in a position to redirect network traffic to
a rogue server (man in the middle), to impersonate an SSL email server
and fetch user passwords without triggering an invalid certificate
warning - for known servers, the changed certificate warning would
still be issued.
--
Colin