Synopsis: Moderate: gnutls security and bug fix update
Advisory ID: SLSA-2015:1457-1
Issue Date: 2015-07-22
CVE Numbers: CVE-2015-0282
CVE-2015-0294
CVE-2014-8155
--
It was found that GnuTLS did not check activation and expiration dates of
CA certificates. This could cause an application using GnuTLS to
incorrectly accept a certificate as valid when its issuing CA is already
expired. (CVE-2014-8155)

It was found that GnuTLS did not verify whether a hashing algorithm listed
in a signature matched the hashing algorithm listed in the certificate. An
attacker could create a certificate that used a different hashing
algorithm than it claimed, possibly causing GnuTLS to use an insecure,
disallowed hashing algorithm during certificate verification.
(CVE-2015-0282)

It was discovered that GnuTLS did not check if all sections of X.509
certificates indicate the same signature algorithm. This flaw, in
combination with a different flaw, could possibly lead to a bypass of the
certificate signature check. (CVE-2015-0294)
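
The consistency check that CVE-2015-0294 concerns, as an added example (not GnuTLS code and not part of the original advisory): RFC 5280 requires the signature field inside tbsCertificate to carry the same algorithm identifier as the outer signatureAlgorithm field. The function names and the constructed skeleton input are assumptions made for illustration, and the byte-for-byte comparison of the two encodings is a deliberately strict simplification.

```python
# Added example: compare the two AlgorithmIdentifier copies in a DER certificate.
SHA256_RSA = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
MD5_RSA = bytes.fromhex("300d06092a864886f70d0101040500")     # md5WithRSAEncryption

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, pos, pos + length

def children(buf, start, end):
    """List (tag, element_start, element_end) for each element in [start, end)."""
    out = []
    while start < end:
        tag, _, value_end = read_tlv(buf, start)
        out.append((tag, start, value_end))
        start = value_end
    return out

def signature_algorithms_match(cert_der):
    """True if tbsCertificate.signature equals the outer signatureAlgorithm."""
    tag, vs, ve = read_tlv(cert_der, 0)
    top = children(cert_der, vs, ve)
    if tag != 0x30 or len(top) != 3 or top[0][0] != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    tbs, outer, _signature = top
    _, tvs, tve = read_tlv(cert_der, tbs[1])
    fields = children(cert_der, tvs, tve)
    skip = 1 if fields and fields[0][0] == 0xA0 else 0   # optional [0] version
    if len(fields) < skip + 2:
        raise ValueError("tbsCertificate too short")
    inner = fields[skip + 1]               # the field that follows serialNumber
    return cert_der[inner[1]:inner[2]] == cert_der[outer[1]:outer[2]]

def skeleton(inner_alg, outer_alg):
    """Constructed test input: only the fields this check reads, not a real cert."""
    seq = lambda body: bytes([0x30, len(body)]) + body
    tbs = seq(bytes.fromhex("a003020102" "020101") + inner_alg)
    return seq(tbs + outer_alg + bytes.fromhex("03020000"))
```

A verifier should reject any certificate for which signature_algorithms_match returns False before it evaluates the signature itself.
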

The CVE-2014-8155 issue was discovered by Marcel Kolaja of Red Hat. The
CVE-2015-0282 and CVE-2015-0294 issues were discovered by Nikos
Mavrogiannopoulos of the Red Hat Security Technologies Team.

This update also fixes the following bug:
* Previously, under certain circumstances, the certtool utility could
generate X.509 certificates which contained a negative modulus.
Consequently, such certificates could have interoperation problems with
the software using them. The bug has been fixed, and certtool no longer
generates X.509 certificates containing a negative modulus.
--
SL6
x86_64
gnutls-2.8.5-18.el6.i686.rpm
gnutls-2.8.5-18.el6.x86_64.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-utils-2.8.5-18.el6.x86_64.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.x86_64.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.x86_64.rpm
i386
gnutls-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-utils-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
- Scientific Linux Development Team