Synopsis:          Moderate: gnutls security and bug fix update
Advisory ID:       SLSA-2015:1457-1
Issue Date:        2015-07-22
CVE Numbers:       CVE-2015-0282
                   CVE-2015-0294
                   CVE-2014-8155
--

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155)

It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification. (CVE-2015-0282)

It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. (CVE-2015-0294)

The CVE-2014-8155 issue was discovered by Marcel Kolaja of Red Hat. The CVE-2015-0282 and CVE-2015-0294 issues were discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

This update also fixes the following bug:

* Previously, under certain circumstances, the certtool utility could generate X.509 certificates which contained a negative modulus. Consequently, such certificates could have interoperation problems with the software using them. The bug has been fixed, and certtool no longer generates X.509 certificates containing a negative modulus.
--

SL6
  x86_64
    gnutls-2.8.5-18.el6.i686.rpm
    gnutls-2.8.5-18.el6.x86_64.rpm
    gnutls-debuginfo-2.8.5-18.el6.i686.rpm
    gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
    gnutls-utils-2.8.5-18.el6.x86_64.rpm
    gnutls-devel-2.8.5-18.el6.i686.rpm
    gnutls-devel-2.8.5-18.el6.x86_64.rpm
    gnutls-guile-2.8.5-18.el6.i686.rpm
    gnutls-guile-2.8.5-18.el6.x86_64.rpm
  i386
    gnutls-2.8.5-18.el6.i686.rpm
    gnutls-debuginfo-2.8.5-18.el6.i686.rpm
    gnutls-utils-2.8.5-18.el6.i686.rpm
    gnutls-devel-2.8.5-18.el6.i686.rpm
    gnutls-guile-2.8.5-18.el6.i686.rpm

- Scientific Linux Development Team
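
The consistency rule behind CVE-2015-0294, shown as an added example that is not part of this advisory and is not GnuTLS code: a verifier compares the AlgorithmIdentifier inside tbsCertificate with the outer signatureAlgorithm and rejects the certificate when they differ. The names der_read, sig_alg_consistent, ok_der and bad_der are assumptions of this example, and the byte arrays are constructed skeletons rather than real certificates.

```c
#include <stddef.h>
#include <string.h>
struct tlv { unsigned char tag; const unsigned char *val; size_t len; };

/* Read one DER TLV from p (n bytes left); returns bytes consumed, 0 on error. */
static size_t der_read(const unsigned char *p, size_t n, struct tlv *out)
{
    size_t hdr = 2, len, nb, i;
    if (n < 2) return 0;
    out->tag = p[0];
    len = p[1];
    if (len & 0x80) {                       /* long-form length */
        nb = len & 0x7f;
        if (nb == 0 || nb > sizeof(size_t) || nb > n - 2) return 0;
        for (len = 0, i = 0; i < nb; i++) len = (len << 8) | p[2 + i];
        hdr += nb;
    }
    if (len > n - hdr) return 0;            /* value must fit in the buffer */
    out->val = p + hdr; out->len = len;
    return hdr + len;
}

/* 1: tbsCertificate.signature equals outer signatureAlgorithm; 0: mismatch (reject);
 * -1: malformed. Compares the whole AlgorithmIdentifier (OID and parameters). */
int sig_alg_consistent(const unsigned char *der, size_t n)
{
    struct tlv cert, tbs, outer, f;
    const unsigned char *p;
    size_t used, left;
    if (!der_read(der, n, &cert) || cert.tag != 0x30) return -1;
    used = der_read(cert.val, cert.len, &tbs);
    if (!used || tbs.tag != 0x30) return -1;
    if (!der_read(cert.val + used, cert.len - used, &outer) || outer.tag != 0x30) return -1;
    p = tbs.val; left = tbs.len;
    used = der_read(p, left, &f);
    if (used && f.tag == 0xA0) {            /* optional [0] version */
        p += used; left -= used;
        used = der_read(p, left, &f);
    }
    if (!used || f.tag != 0x02) return -1;  /* serialNumber INTEGER */
    if (!der_read(p + used, left - used, &f) || f.tag != 0x30) return -1; /* inner AlgorithmIdentifier */
    return f.len == outer.len && memcmp(f.val, outer.val, f.len) == 0;
}

/* Constructed skeletons (not valid certificates): version, serial, the two
 * AlgorithmIdentifiers, dummy signature. 0x0B = sha256WithRSA, 0x04 = md5WithRSA. */
#define ALG(h) 0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,(h),0x05,0x00
#define CERT(in, out) {0x30,0x2C,0x30,0x17,0xA0,0x03,0x02,0x01,0x02,0x02,0x01,0x01,ALG(in),ALG(out),0x03,0x02,0x00,0x00}
static const unsigned char ok_der[] = CERT(0x0B, 0x0B), bad_der[] = CERT(0x0B, 0x04);
int main(void) { return !(sig_alg_consistent(ok_der, sizeof ok_der) == 1 && sig_alg_consistent(bad_der, sizeof bad_der) == 0); }
```

RFC 5280 requires the two fields to carry the same algorithm identifier, so a mismatch is grounds for rejecting the certificate before any signature verification is attempted.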