Synopsis: Moderate: gnutls security and bug fix update
Advisory ID: SLSA-2015:1457-1
Issue Date: 2015-07-22
CVE Numbers: CVE-2015-0282
CVE-2015-0294
CVE-2014-8155
—
It was found that GnuTLS did not check activation and expiration dates of
CA certificates. This could cause an application using GnuTLS to
incorrectly accept a certificate as valid when its issuing CA is already
expired. (CVE-2014-8155)
It was found that GnuTLS did not verify whether a hashing algorithm listed
in a signature matched the hashing algorithm listed in the certificate. An
attacker could create a certificate that used a different hashing
algorithm than it claimed, possibly causing GnuTLS to use an insecure,
disallowed hashing algorithm during certificate verification.
(CVE-2015-0282)
It was discovered that GnuTLS did not check if all sections of X.509
certificates indicate the same signature algorithm. This flaw, in
combination with a different flaw, could possibly lead to a bypass of the
certificate signature check. (CVE-2015-0294)
This update also fixes the following bug:
* Previously, under certain circumstances, the certtool utility could
generate X.509 certificates which contained a negative modulus.
Consequently, such certificates could have interoperation problems with
the software using them. The bug has been fixed, and certtool no longer
generates X.509 certificates containing a negative modulus.
—
SL6
x86_64
gnutls-2.8.5-18.el6.i686.rpm
gnutls-2.8.5-18.el6.x86_64.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.x86_64.rpm
gnutls-utils-2.8.5-18.el6.x86_64.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.x86_64.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.x86_64.rpm
i386
gnutls-2.8.5-18.el6.i686.rpm
gnutls-debuginfo-2.8.5-18.el6.i686.rpm
gnutls-utils-2.8.5-18.el6.i686.rpm
gnutls-devel-2.8.5-18.el6.i686.rpm
gnutls-guile-2.8.5-18.el6.i686.rpm
– Scientific Linux Development Team
