Red Hat Product Errata RHSA-2012:0428 - Security Advisory

Issued:: 2012-03-27
Updated:: 2012-03-27

RHSA-2012:0428 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gnutls security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gnutls packages that fix three security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,
a library developed for ASN.1 (Abstract Syntax Notation One) structures
management that includes DER (Distinguished Encoding Rules) encoding and
decoding.

A flaw was found in the way GnuTLS decrypted malformed TLS records. This
could cause a TLS/SSL client or server to crash when processing a
specially-crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)

A flaw was found in the way libtasn1 decoded DER data. An attacker could
create a carefully-crafted X.509 certificate that, when parsed by an
application that uses GnuTLS, could cause the application to crash.
(CVE-2012-1569)

A boundary error was found in the gnutls_session_get_data() function. A
malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,
possibly, execute arbitrary code as the client, if the client passed a
fixed-sized buffer to gnutls_session_get_data() before checking the real
size of the session data provided by the server. (CVE-2011-4128)

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1573 and CVE-2012-1569.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 752308 - CVE-2011-4128 gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
BZ - 804920 - CVE-2012-1569 libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)
BZ - 805432 - CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
gnutls-1.4.1-7.el5_8.2.src.rpm	SHA-256: 0bcbc53f2ae9d6bac04152ec1f74e932c04d5ef92ca77889b22a52896a3c86f4
x86_64
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: f5657f280470a457063a6290de46776ce4872353eb28c12d0e646244b748feab
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 8584ab002ae679c4a850e7a837fc1729dc15f88416982c48c7b38003d7933350
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm	SHA-256: ae2ee270456bff90ea2e35d87fb0ef65bdda31914c92fd04debe467a12c1fac7
gnutls-devel-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 400a59dc6bfe64a708d182659d22c5da90d9cd421655b73e32596953ef12dcaf
gnutls-utils-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 184c5bd92659511ebc4f3636ace2c5b80de7cc94c2c8f32753c440eeb41e6d82
ia64
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-1.4.1-7.el5_8.2.ia64.rpm	SHA-256: 2a8b802f46ff1244c58069c8d7fc7623d939d1559a07774f0d2b7b6afcd5faa5
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.ia64.rpm	SHA-256: 2ccc618678554ecbc3e97d90725433af3268b58140c79b5e370ba20c73bba2c7
gnutls-devel-1.4.1-7.el5_8.2.ia64.rpm	SHA-256: 5825bfcf3d64cadf13a78757728faa4644d757d8df5b1bb04dfb91db100efab4
gnutls-utils-1.4.1-7.el5_8.2.ia64.rpm	SHA-256: 06a2ee01389ffa44a487f64281345c3cf3c13cbd32c78442d90d697fd1985181
i386
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm	SHA-256: ae2ee270456bff90ea2e35d87fb0ef65bdda31914c92fd04debe467a12c1fac7
gnutls-utils-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 98cc440275152e8a251d47afbe10c6f9c0b5ccf17eb540292362da5b4cf8ef98

Red Hat Enterprise Linux Workstation 5

SRPM
gnutls-1.4.1-7.el5_8.2.src.rpm	SHA-256: 0bcbc53f2ae9d6bac04152ec1f74e932c04d5ef92ca77889b22a52896a3c86f4
x86_64
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: f5657f280470a457063a6290de46776ce4872353eb28c12d0e646244b748feab
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 8584ab002ae679c4a850e7a837fc1729dc15f88416982c48c7b38003d7933350
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 8584ab002ae679c4a850e7a837fc1729dc15f88416982c48c7b38003d7933350
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm	SHA-256: ae2ee270456bff90ea2e35d87fb0ef65bdda31914c92fd04debe467a12c1fac7
gnutls-devel-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 400a59dc6bfe64a708d182659d22c5da90d9cd421655b73e32596953ef12dcaf
gnutls-utils-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 184c5bd92659511ebc4f3636ace2c5b80de7cc94c2c8f32753c440eeb41e6d82
i386
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm	SHA-256: ae2ee270456bff90ea2e35d87fb0ef65bdda31914c92fd04debe467a12c1fac7
gnutls-utils-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 98cc440275152e8a251d47afbe10c6f9c0b5ccf17eb540292362da5b4cf8ef98

Red Hat Enterprise Linux Desktop 5

SRPM
gnutls-1.4.1-7.el5_8.2.src.rpm	SHA-256: 0bcbc53f2ae9d6bac04152ec1f74e932c04d5ef92ca77889b22a52896a3c86f4
x86_64
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: f5657f280470a457063a6290de46776ce4872353eb28c12d0e646244b748feab
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 8584ab002ae679c4a850e7a837fc1729dc15f88416982c48c7b38003d7933350
gnutls-utils-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 184c5bd92659511ebc4f3636ace2c5b80de7cc94c2c8f32753c440eeb41e6d82
i386
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-utils-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 98cc440275152e8a251d47afbe10c6f9c0b5ccf17eb540292362da5b4cf8ef98

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gnutls-1.4.1-7.el5_8.2.src.rpm	SHA-256: 0bcbc53f2ae9d6bac04152ec1f74e932c04d5ef92ca77889b22a52896a3c86f4
s390x
gnutls-1.4.1-7.el5_8.2.s390.rpm	SHA-256: 1b521f347fdc26131e98fcc23eb553cfadc2917a7ea1e09375f0d09bc3d72305
gnutls-1.4.1-7.el5_8.2.s390x.rpm	SHA-256: 2be0cba812ab5fb8b284370c1fdee5be6eb9ef8e58c11e91b78ac5dc4c21ff19
gnutls-debuginfo-1.4.1-7.el5_8.2.s390.rpm	SHA-256: f009a7965cab8a1a2ba420eb84a2ac27292d2d4355df1f30730fd3467eba0303
gnutls-debuginfo-1.4.1-7.el5_8.2.s390x.rpm	SHA-256: 749ae5f2b811c10215f452b64a25b3893afde5956ba980bd614ec5ca5a37b0cb
gnutls-devel-1.4.1-7.el5_8.2.s390.rpm	SHA-256: bda2650de9af3c2353b148c245db95f926f59d4c106728c3ce8267446f1c3261
gnutls-devel-1.4.1-7.el5_8.2.s390x.rpm	SHA-256: 8df33aa0783634ee4dda9ff3d49232d52b9e811ecf060a046769ca0fdc9738f9
gnutls-utils-1.4.1-7.el5_8.2.s390x.rpm	SHA-256: 5d78572968ebb4d8903fc21d90f2d12c1a23fad4b87145b931f0fe74aeb534d3

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gnutls-1.4.1-7.el5_8.2.src.rpm	SHA-256: 0bcbc53f2ae9d6bac04152ec1f74e932c04d5ef92ca77889b22a52896a3c86f4
ppc
gnutls-1.4.1-7.el5_8.2.ppc.rpm	SHA-256: e6c25b35ebd933e30bffbb92e865e8017533a9272c9b2652c1d75557e45334be
gnutls-1.4.1-7.el5_8.2.ppc64.rpm	SHA-256: 2883ecc82b31bae28725a23e620d65599caac633e53288137bd7e2a1699d66e9
gnutls-debuginfo-1.4.1-7.el5_8.2.ppc.rpm	SHA-256: 9c392cc7a761c2003594887fd2f6abd1f0cdda688e4ba17c18aa86562d70d4b1
gnutls-debuginfo-1.4.1-7.el5_8.2.ppc64.rpm	SHA-256: e4730eab966c56492cfc72d0382a8d68b975cf7d784284b848b6dcde4b35fc81
gnutls-devel-1.4.1-7.el5_8.2.ppc.rpm	SHA-256: 8a2048dc74b7daa054d636aab01350a17f421aab15a12b07a23e61b15e1e4087
gnutls-devel-1.4.1-7.el5_8.2.ppc64.rpm	SHA-256: fde1d755715456966e654703f336726c99681971b1e61acb22480e65b60e9c26
gnutls-utils-1.4.1-7.el5_8.2.ppc.rpm	SHA-256: ad9896ba8ddfb0a04f4bc20297ac576d9b95c93c2e02e8f3c17d974814151180

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gnutls-1.4.1-7.el5_8.2.src.rpm	SHA-256: 0bcbc53f2ae9d6bac04152ec1f74e932c04d5ef92ca77889b22a52896a3c86f4
x86_64
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: f5657f280470a457063a6290de46776ce4872353eb28c12d0e646244b748feab
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 8584ab002ae679c4a850e7a837fc1729dc15f88416982c48c7b38003d7933350
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm	SHA-256: ae2ee270456bff90ea2e35d87fb0ef65bdda31914c92fd04debe467a12c1fac7
gnutls-devel-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 400a59dc6bfe64a708d182659d22c5da90d9cd421655b73e32596953ef12dcaf
gnutls-utils-1.4.1-7.el5_8.2.x86_64.rpm	SHA-256: 184c5bd92659511ebc4f3636ace2c5b80de7cc94c2c8f32753c440eeb41e6d82
i386
gnutls-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 90bb3e0d4408afaacf008301d54a8348cb6aed6832bdb9895e0b868260a3365f
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm	SHA-256: d256d8b18ae0ff97e24689ec570cd122b52a0058e39a7ee7ee7eb714cc28bc74
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm	SHA-256: ae2ee270456bff90ea2e35d87fb0ef65bdda31914c92fd04debe467a12c1fac7
gnutls-utils-1.4.1-7.el5_8.2.i386.rpm	SHA-256: 98cc440275152e8a251d47afbe10c6f9c0b5ccf17eb540292362da5b4cf8ef98

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation