Security Advisory Moderate: gnutls security update

Advisory: RHSA-2009:1232-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-08-26
Last updated on: 2009-08-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20091232.xml
CVEs (cve.mitre.org): CVE-2009-2730

Details

Updated gnutls packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was discovered in the way GnuTLS handles NUL ('\0') characters in
certain fields of X.509 certificates. If an attacker is able to get a
carefully crafted certificate signed by a Certificate Authority trusted by
an application using GnuTLS, the attacker could use the certificate during
a man-in-the-middle attack and potentially confuse the application into
accepting it by mistake. (CVE-2009-2730)
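
The class of bug described above, as an added example (not GnuTLS source and not the backported patch): a certificate name is length-delimited once decoded, so handling it as a C string ends the comparison at an embedded NUL. The struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for a decoded name field: bytes plus explicit length. */
struct cert_name { const unsigned char *data; size_t len; };

/* Constructed sample values; sizeof - 1 drops the literal's terminator. */
static const unsigned char crafted_bytes[] = "www.example.com\0.other.invalid";
static const unsigned char clean_bytes[]   = "www.example.com";
static const struct cert_name crafted = { crafted_bytes, sizeof crafted_bytes - 1 };
static const struct cert_name clean   = { clean_bytes, sizeof clean_bytes - 1 };

/* Flawed pattern: the field is handled as a C string, so the comparison
 * ends at the first NUL and never sees the bytes after it.
 * (Case folding and wildcards are omitted to keep the focus on NUL.) */
int naive_match(const struct cert_name *cn, const char *host)
{
    return strcmp((const char *)cn->data, host) == 0;
}

/* Hardened pattern: refuse any name containing NUL, then compare using
 * the decoded length rather than C-string termination. */
int strict_match(const struct cert_name *cn, const char *host)
{
    size_t hlen = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    return cn->len == hlen && memcmp(cn->data, host, hlen) == 0;
}

int main(void)
{
    const char *host = "www.example.com";

    printf("crafted: naive=%d strict=%d\n",
           naive_match(&crafted, host), strict_match(&crafted, host));
    printf("clean:   naive=%d strict=%d\n",
           naive_match(&clean, host), strict_match(&clean, host));
    return 0;
}
```

The same length-versus-terminator check applies to any code that copies certificate name fields into C strings before comparing or logging them.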

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects this issue.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
gnutls-1.4.1-3.el5_3.5.src.rpm     7e9e03f1d02f672a3e5854b113e028e2
 
IA-32:
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm     b9655498da1f18bb697eb954d574e913
 
x86_64:
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm     b9655498da1f18bb697eb954d574e913
gnutls-devel-1.4.1-3.el5_3.5.x86_64.rpm     9943a59f59579c86effe42253ec95ae2
 
Red Hat Desktop (v. 4)

SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm     d947a13dd90531c4a2388334f281005e
 
IA-32:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm     eaaad9b12db137121b2ed109ddfc541a
 
x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.x86_64.rpm     d9f73ff859f70954b772e9209ee00df8
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm     6575fc005aeaa4b80b2982791e42b884
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gnutls-1.4.1-3.el5_3.5.src.rpm     7e9e03f1d02f672a3e5854b113e028e2
 
IA-32:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm     b9655498da1f18bb697eb954d574e913
gnutls-utils-1.4.1-3.el5_3.5.i386.rpm     b337d8b3be6aa3c48fc7fd729dea897b
 
IA-64:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-1.4.1-3.el5_3.5.ia64.rpm     7f1b5c38990b43d3e2699f5a9af1fb5e
gnutls-devel-1.4.1-3.el5_3.5.ia64.rpm     38392c06a34032fe64803e0a4da48d14
gnutls-utils-1.4.1-3.el5_3.5.ia64.rpm     08b4f0b29363dfbc628f2aa293f7c3ce
 
PPC:
gnutls-1.4.1-3.el5_3.5.ppc.rpm     735752b30517a2c20036ba2b8a1c7f34
gnutls-1.4.1-3.el5_3.5.ppc64.rpm     14f2fd2985eeabf68792dd03d48070e4
gnutls-devel-1.4.1-3.el5_3.5.ppc.rpm     0e888f4865d0e76665ed3ee3f0c32e10
gnutls-devel-1.4.1-3.el5_3.5.ppc64.rpm     62407d085d1f40b00ec3a991d6b8ee21
gnutls-utils-1.4.1-3.el5_3.5.ppc.rpm     62237ef2254ce6898782b75c163da269
 
s390x:
gnutls-1.4.1-3.el5_3.5.s390.rpm     35f4a61f12787b8e088d82de8031f005
gnutls-1.4.1-3.el5_3.5.s390x.rpm     7ee903f55c0990bdfd68a21270afed41
gnutls-devel-1.4.1-3.el5_3.5.s390.rpm     662676547fcfc2ef0585fb24791a8a08
gnutls-devel-1.4.1-3.el5_3.5.s390x.rpm     2f01bfdd1ce29d761ad9bece430f35fa
gnutls-utils-1.4.1-3.el5_3.5.s390x.rpm     9e59f1080f5a48867202bed610697001
 
x86_64:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-1.4.1-3.el5_3.5.x86_64.rpm     a93736fcd922cfd880bc614dc875feec
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm     b9655498da1f18bb697eb954d574e913
gnutls-devel-1.4.1-3.el5_3.5.x86_64.rpm     9943a59f59579c86effe42253ec95ae2
gnutls-utils-1.4.1-3.el5_3.5.x86_64.rpm     fb82ee65263a28ba367c1e1fb0fad22b
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm     d947a13dd90531c4a2388334f281005e
 
IA-32:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm     eaaad9b12db137121b2ed109ddfc541a
 
IA-64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.ia64.rpm     5fc5a4195170e233baa4a88f35424a47
gnutls-devel-1.0.20-4.el4_8.3.ia64.rpm     1d00f714c33f9ecbd3a05df3f05c7b79
 
PPC:
gnutls-1.0.20-4.el4_8.3.ppc.rpm     a2924e291c7cec87225a1b170f441cdf
gnutls-1.0.20-4.el4_8.3.ppc64.rpm     1eaeb56931ce6f27928582e5d782b249
gnutls-devel-1.0.20-4.el4_8.3.ppc.rpm     8b4d51774cd8c26c75bd25ed7cfecb1f
 
s390:
gnutls-1.0.20-4.el4_8.3.s390.rpm     297334366b35c72f28353750a72a70e0
gnutls-devel-1.0.20-4.el4_8.3.s390.rpm     927106bf8db79acdf0faf3c73d750406
 
s390x:
gnutls-1.0.20-4.el4_8.3.s390.rpm     297334366b35c72f28353750a72a70e0
gnutls-1.0.20-4.el4_8.3.s390x.rpm     d1383951b2698ae84d210b64ffe83947
gnutls-devel-1.0.20-4.el4_8.3.s390x.rpm     a6e1d0e1b2f73f83954af37d17cbd6f2
 
x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.x86_64.rpm     d9f73ff859f70954b772e9209ee00df8
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm     6575fc005aeaa4b80b2982791e42b884
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm     d947a13dd90531c4a2388334f281005e
 
IA-32:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm     eaaad9b12db137121b2ed109ddfc541a
 
IA-64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.ia64.rpm     5fc5a4195170e233baa4a88f35424a47
gnutls-devel-1.0.20-4.el4_8.3.ia64.rpm     1d00f714c33f9ecbd3a05df3f05c7b79
 
PPC:
gnutls-1.0.20-4.el4_8.3.ppc.rpm     a2924e291c7cec87225a1b170f441cdf
gnutls-1.0.20-4.el4_8.3.ppc64.rpm     1eaeb56931ce6f27928582e5d782b249
gnutls-devel-1.0.20-4.el4_8.3.ppc.rpm     8b4d51774cd8c26c75bd25ed7cfecb1f
 
s390:
gnutls-1.0.20-4.el4_8.3.s390.rpm     297334366b35c72f28353750a72a70e0
gnutls-devel-1.0.20-4.el4_8.3.s390.rpm     927106bf8db79acdf0faf3c73d750406
 
s390x:
gnutls-1.0.20-4.el4_8.3.s390.rpm     297334366b35c72f28353750a72a70e0
gnutls-1.0.20-4.el4_8.3.s390x.rpm     d1383951b2698ae84d210b64ffe83947
gnutls-devel-1.0.20-4.el4_8.3.s390x.rpm     a6e1d0e1b2f73f83954af37d17cbd6f2
 
x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.x86_64.rpm     d9f73ff859f70954b772e9209ee00df8
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm     6575fc005aeaa4b80b2982791e42b884
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gnutls-1.4.1-3.el5_3.5.src.rpm     7e9e03f1d02f672a3e5854b113e028e2
 
IA-32:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-utils-1.4.1-3.el5_3.5.i386.rpm     b337d8b3be6aa3c48fc7fd729dea897b
 
x86_64:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-1.4.1-3.el5_3.5.x86_64.rpm     a93736fcd922cfd880bc614dc875feec
gnutls-utils-1.4.1-3.el5_3.5.x86_64.rpm     fb82ee65263a28ba367c1e1fb0fad22b
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm     d947a13dd90531c4a2388334f281005e
 
IA-32:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm     eaaad9b12db137121b2ed109ddfc541a
 
IA-64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.ia64.rpm     5fc5a4195170e233baa4a88f35424a47
gnutls-devel-1.0.20-4.el4_8.3.ia64.rpm     1d00f714c33f9ecbd3a05df3f05c7b79
 
x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.x86_64.rpm     d9f73ff859f70954b772e9209ee00df8
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm     6575fc005aeaa4b80b2982791e42b884
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm     d947a13dd90531c4a2388334f281005e
 
IA-32:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm     eaaad9b12db137121b2ed109ddfc541a
 
IA-64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.ia64.rpm     5fc5a4195170e233baa4a88f35424a47
gnutls-devel-1.0.20-4.el4_8.3.ia64.rpm     1d00f714c33f9ecbd3a05df3f05c7b79
 
x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.x86_64.rpm     d9f73ff859f70954b772e9209ee00df8
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm     6575fc005aeaa4b80b2982791e42b884
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
gnutls-1.4.1-3.el5_3.5.src.rpm     7e9e03f1d02f672a3e5854b113e028e2
 
IA-32:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm     b9655498da1f18bb697eb954d574e913
gnutls-utils-1.4.1-3.el5_3.5.i386.rpm     b337d8b3be6aa3c48fc7fd729dea897b
 
IA-64:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-1.4.1-3.el5_3.5.ia64.rpm     7f1b5c38990b43d3e2699f5a9af1fb5e
gnutls-devel-1.4.1-3.el5_3.5.ia64.rpm     38392c06a34032fe64803e0a4da48d14
gnutls-utils-1.4.1-3.el5_3.5.ia64.rpm     08b4f0b29363dfbc628f2aa293f7c3ce
 
PPC:
gnutls-1.4.1-3.el5_3.5.ppc.rpm     735752b30517a2c20036ba2b8a1c7f34
gnutls-1.4.1-3.el5_3.5.ppc64.rpm     14f2fd2985eeabf68792dd03d48070e4
gnutls-devel-1.4.1-3.el5_3.5.ppc.rpm     0e888f4865d0e76665ed3ee3f0c32e10
gnutls-devel-1.4.1-3.el5_3.5.ppc64.rpm     62407d085d1f40b00ec3a991d6b8ee21
gnutls-utils-1.4.1-3.el5_3.5.ppc.rpm     62237ef2254ce6898782b75c163da269
 
s390x:
gnutls-1.4.1-3.el5_3.5.s390.rpm     35f4a61f12787b8e088d82de8031f005
gnutls-1.4.1-3.el5_3.5.s390x.rpm     7ee903f55c0990bdfd68a21270afed41
gnutls-devel-1.4.1-3.el5_3.5.s390.rpm     662676547fcfc2ef0585fb24791a8a08
gnutls-devel-1.4.1-3.el5_3.5.s390x.rpm     2f01bfdd1ce29d761ad9bece430f35fa
gnutls-utils-1.4.1-3.el5_3.5.s390x.rpm     9e59f1080f5a48867202bed610697001
 
x86_64:
gnutls-1.4.1-3.el5_3.5.i386.rpm     b5f9d432291d311f89076a9fb1fb82eb
gnutls-1.4.1-3.el5_3.5.x86_64.rpm     a93736fcd922cfd880bc614dc875feec
gnutls-devel-1.4.1-3.el5_3.5.i386.rpm     b9655498da1f18bb697eb954d574e913
gnutls-devel-1.4.1-3.el5_3.5.x86_64.rpm     9943a59f59579c86effe42253ec95ae2
gnutls-utils-1.4.1-3.el5_3.5.x86_64.rpm     fb82ee65263a28ba367c1e1fb0fad22b
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gnutls-1.0.20-4.el4_8.3.src.rpm     d947a13dd90531c4a2388334f281005e
 
IA-32:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-devel-1.0.20-4.el4_8.3.i386.rpm     eaaad9b12db137121b2ed109ddfc541a
 
IA-64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.ia64.rpm     5fc5a4195170e233baa4a88f35424a47
gnutls-devel-1.0.20-4.el4_8.3.ia64.rpm     1d00f714c33f9ecbd3a05df3f05c7b79
 
x86_64:
gnutls-1.0.20-4.el4_8.3.i386.rpm     a1afcfe8257b061776db1e9fef75c388
gnutls-1.0.20-4.el4_8.3.x86_64.rpm     d9f73ff859f70954b772e9209ee00df8
gnutls-devel-1.0.20-4.el4_8.3.x86_64.rpm     6575fc005aeaa4b80b2982791e42b884
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

516231 - CVE-2009-2730 gnutls: incorrect verification of SSL certificate with NUL in name (GNUTLS-SA-2009-4)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/