Red Hat Product Errata RHSA-2014:0247 - Security Advisory
Issued:
2014-03-03
Updated:
2014-03-03

RHSA-2014:0247 - Security Advisory

Synopsis

Important: gnutls security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gnutls packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Description

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way GnuTLS handled version 1 X.509 certificates.
An attacker able to obtain a version 1 certificate from a trusted
certificate authority could use this flaw to issue certificates for other
sites that would be accepted by GnuTLS as valid. (CVE-2009-5138)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the
Red Hat Security Technologies Team.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS library must be restarted.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 1069301 - CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificates
  • BZ - 1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)

Red Hat Enterprise Linux Server 5

SRPM
gnutls-1.4.1-14.el5_10.src.rpm SHA-256: 592a2722bc5afd226d87f57c7ffc1a1685d5d4385f17de521f903e13299a4051
x86_64
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-1.4.1-14.el5_10.x86_64.rpm SHA-256: 34504f9a260ed0b30560f9a1d1c22eb3e96002fb2067dad31239e3ecaac5d6d9
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm SHA-256: dc9cbd189478e313b684475161395a7875c45e2cbe2b779cafc6d1e9abf3cb43
gnutls-devel-1.4.1-14.el5_10.i386.rpm SHA-256: 46f53a90461909fb7a994411cfaa7140ad297811b7bc1012163a8f77bd5dd3c0
gnutls-devel-1.4.1-14.el5_10.x86_64.rpm SHA-256: 6d7d4f51b651c3d21ff480a68fdd1136583f64082c2c7260f07f92a7f9d30504
gnutls-utils-1.4.1-14.el5_10.x86_64.rpm SHA-256: d6d5588035808e9be59610c336bb005c3397ff9bfabd900137c778b9d2c54156
ia64
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-1.4.1-14.el5_10.ia64.rpm SHA-256: f5e13459a97db2a81fcc70ac7ec685f6102688cc748b1d60aaaec010a27fe929
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.ia64.rpm SHA-256: ca335f67228c7d77c596d53f0c0e2d5febdf6d43308f4c2374b248e1e321c8ec
gnutls-devel-1.4.1-14.el5_10.ia64.rpm SHA-256: 444e409622541be586906a5c8e7275cb16f36c58a153f76c02c2499f309773d0
gnutls-utils-1.4.1-14.el5_10.ia64.rpm SHA-256: 9149b408b47678268443a1080f01d1b765bbd2017597fa3960d1f776ee8c8023
i386
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-devel-1.4.1-14.el5_10.i386.rpm SHA-256: 46f53a90461909fb7a994411cfaa7140ad297811b7bc1012163a8f77bd5dd3c0
gnutls-utils-1.4.1-14.el5_10.i386.rpm SHA-256: d1c7dfc0f152736a9e9c0e588c5d2a51891add7fda19ad62d4ec0683bf7f1da0

Red Hat Enterprise Linux Workstation 5

SRPM
gnutls-1.4.1-14.el5_10.src.rpm SHA-256: 592a2722bc5afd226d87f57c7ffc1a1685d5d4385f17de521f903e13299a4051
x86_64
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-1.4.1-14.el5_10.x86_64.rpm SHA-256: 34504f9a260ed0b30560f9a1d1c22eb3e96002fb2067dad31239e3ecaac5d6d9
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm SHA-256: dc9cbd189478e313b684475161395a7875c45e2cbe2b779cafc6d1e9abf3cb43
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm SHA-256: dc9cbd189478e313b684475161395a7875c45e2cbe2b779cafc6d1e9abf3cb43
gnutls-devel-1.4.1-14.el5_10.i386.rpm SHA-256: 46f53a90461909fb7a994411cfaa7140ad297811b7bc1012163a8f77bd5dd3c0
gnutls-devel-1.4.1-14.el5_10.x86_64.rpm SHA-256: 6d7d4f51b651c3d21ff480a68fdd1136583f64082c2c7260f07f92a7f9d30504
gnutls-utils-1.4.1-14.el5_10.x86_64.rpm SHA-256: d6d5588035808e9be59610c336bb005c3397ff9bfabd900137c778b9d2c54156
i386
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-devel-1.4.1-14.el5_10.i386.rpm SHA-256: 46f53a90461909fb7a994411cfaa7140ad297811b7bc1012163a8f77bd5dd3c0
gnutls-utils-1.4.1-14.el5_10.i386.rpm SHA-256: d1c7dfc0f152736a9e9c0e588c5d2a51891add7fda19ad62d4ec0683bf7f1da0

Red Hat Enterprise Linux Desktop 5

SRPM
gnutls-1.4.1-14.el5_10.src.rpm SHA-256: 592a2722bc5afd226d87f57c7ffc1a1685d5d4385f17de521f903e13299a4051
x86_64
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-1.4.1-14.el5_10.x86_64.rpm SHA-256: 34504f9a260ed0b30560f9a1d1c22eb3e96002fb2067dad31239e3ecaac5d6d9
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm SHA-256: dc9cbd189478e313b684475161395a7875c45e2cbe2b779cafc6d1e9abf3cb43
gnutls-utils-1.4.1-14.el5_10.x86_64.rpm SHA-256: d6d5588035808e9be59610c336bb005c3397ff9bfabd900137c778b9d2c54156
i386
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-utils-1.4.1-14.el5_10.i386.rpm SHA-256: d1c7dfc0f152736a9e9c0e588c5d2a51891add7fda19ad62d4ec0683bf7f1da0

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
gnutls-1.4.1-14.el5_10.src.rpm SHA-256: 592a2722bc5afd226d87f57c7ffc1a1685d5d4385f17de521f903e13299a4051
s390x
gnutls-1.4.1-14.el5_10.s390.rpm SHA-256: 576212ca5e3ef0b98733a312c859256bcbe414b117dbed92bd33ea0ed0a468d6
gnutls-1.4.1-14.el5_10.s390x.rpm SHA-256: cfcf6af03998838c772a9ce7e54f36557b4512f24f50aba9f7c3153fb207d049
gnutls-debuginfo-1.4.1-14.el5_10.s390.rpm SHA-256: 9d3e90bd1c6dca897ff572b4070cf6e138e2055766635ed6eebb5a9b3c2d6a76
gnutls-debuginfo-1.4.1-14.el5_10.s390x.rpm SHA-256: a38e0a90b9a7dd953883d55a572c680850c33b8323ae129bb51bde3a127f7bde
gnutls-devel-1.4.1-14.el5_10.s390.rpm SHA-256: ede5b8a513555f0b5ced835f11d941bc8821b700ddfe51e34bcfb9798a761210
gnutls-devel-1.4.1-14.el5_10.s390x.rpm SHA-256: 08dfe136fb52bb8cc2dc6444190bc87e5eb5475d5298e0beecd5e9df6b9e358c
gnutls-utils-1.4.1-14.el5_10.s390x.rpm SHA-256: b57b6abdecf2c457387101e471023458af4b382f18ad9fbb72d4c85022392dcb

Red Hat Enterprise Linux for Power, big endian 5

SRPM
gnutls-1.4.1-14.el5_10.src.rpm SHA-256: 592a2722bc5afd226d87f57c7ffc1a1685d5d4385f17de521f903e13299a4051
ppc
gnutls-1.4.1-14.el5_10.ppc.rpm SHA-256: f7a034502da2f8640e2c117466f6d4bfbfd485dc5e764ee074dcfb67e44ff4e7
gnutls-1.4.1-14.el5_10.ppc64.rpm SHA-256: 87b032a9d6e77797fcc3210765258d0da7697da119e1836bc3606024b28b50f0
gnutls-debuginfo-1.4.1-14.el5_10.ppc.rpm SHA-256: 19b81ec6aef8ab846d8b352874c50e4d1a27b2e3c97c565530a5389b8a1a9119
gnutls-debuginfo-1.4.1-14.el5_10.ppc64.rpm SHA-256: 9ab1e9ea35b8bbf4d6acb4361243eca506dcf7634d5b1328462a3c46be247a00
gnutls-devel-1.4.1-14.el5_10.ppc.rpm SHA-256: 6f516e840174ab322cc50e4696722e34ed5ae5d0c4584306f921e6fc0ddc1f0a
gnutls-devel-1.4.1-14.el5_10.ppc64.rpm SHA-256: fa011220b10329c05a345c663b2887823e682464a35a777ed087e621823410e7
gnutls-utils-1.4.1-14.el5_10.ppc.rpm SHA-256: 7c80ead3eefa6df9b52b6df693ff978f60b6628cf5dbb581a432cdc11d08459c

Red Hat Enterprise Linux Server from RHUI 5

SRPM
gnutls-1.4.1-14.el5_10.src.rpm SHA-256: 592a2722bc5afd226d87f57c7ffc1a1685d5d4385f17de521f903e13299a4051
x86_64
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-1.4.1-14.el5_10.x86_64.rpm SHA-256: 34504f9a260ed0b30560f9a1d1c22eb3e96002fb2067dad31239e3ecaac5d6d9
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm SHA-256: dc9cbd189478e313b684475161395a7875c45e2cbe2b779cafc6d1e9abf3cb43
gnutls-devel-1.4.1-14.el5_10.i386.rpm SHA-256: 46f53a90461909fb7a994411cfaa7140ad297811b7bc1012163a8f77bd5dd3c0
gnutls-devel-1.4.1-14.el5_10.x86_64.rpm SHA-256: 6d7d4f51b651c3d21ff480a68fdd1136583f64082c2c7260f07f92a7f9d30504
gnutls-utils-1.4.1-14.el5_10.x86_64.rpm SHA-256: d6d5588035808e9be59610c336bb005c3397ff9bfabd900137c778b9d2c54156
i386
gnutls-1.4.1-14.el5_10.i386.rpm SHA-256: a2fc9afcedf53350578922799768efc59ad94d6f484fab6897d85346587e2b3e
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm SHA-256: 78dc3dd1c42e64e8fa5750f69f79e8b3c650c26cb899ab4369cc8d87ab5f49c0
gnutls-devel-1.4.1-14.el5_10.i386.rpm SHA-256: 46f53a90461909fb7a994411cfaa7140ad297811b7bc1012163a8f77bd5dd3c0
gnutls-utils-1.4.1-14.el5_10.i386.rpm SHA-256: d1c7dfc0f152736a9e9c0e588c5d2a51891add7fda19ad62d4ec0683bf7f1da0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.