Security Advisory Important: gnutls security update

Advisory: RHSA-2012:0428-1
Type: Security Advisory
Severity: Important
Issued on: 2012-03-27
Last updated on: 2012-03-27
Affected Products: RHEL Desktop Workstation (v. 5 client); Red Hat Enterprise Linux (v. 5 server); Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2011-4128, CVE-2012-1569, CVE-2012-1573

Details

Updated gnutls packages that fix three security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,
a library for managing ASN.1 (Abstract Syntax Notation One) structures,
including DER (Distinguished Encoding Rules) encoding and decoding.

A flaw was found in the way GnuTLS decrypted malformed TLS records. This
could cause a TLS/SSL client or server to crash when processing a
specially crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)

A flaw was found in the way libtasn1 decoded DER data. An attacker could
create a carefully crafted X.509 certificate that, when parsed by an
application that uses GnuTLS, could cause the application to crash.
(CVE-2012-1569)

A boundary error was found in the gnutls_session_get_data() function. A
malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,
possibly, execute arbitrary code as the client, if the client passed a
fixed-size buffer to gnutls_session_get_data() before checking the real
size of the session data provided by the server. (CVE-2011-4128)

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1573 and CVE-2012-1569.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.
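
To find the processes that still need the restart described above, the following added example (not part of the Red Hat advisory) lists processes that still map a libgnutls shared object that has been replaced on disk. It assumes a Linux /proc layout in which such mappings carry a "(deleted)" suffix; the function name stale_gnutls_procs is this example's own.

```shell
#!/bin/sh
# Added example: report processes still running the pre-update libgnutls.
# After the package is upgraded, a running process keeps the old library
# mapped from its unlinked inode, which /proc/<pid>/maps shows with a
# trailing " (deleted)". Run as root to see every process.
#
# Usage: stale_gnutls_procs [proc_root]    (proc_root defaults to /proc)
# Output: one "PID NAME" line per process that needs a restart.
stale_gnutls_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip unreadable entries (other users' processes, exited PIDs).
        [ -r "$maps" ] || continue
        # Matches libgnutls, libgnutls-extra and libgnutls-openssl, with any
        # version suffix, but only when the mapped file is gone from disk.
        if grep -q 'libgnutls[^ ]* (deleted)$' "$maps" 2>/dev/null; then
            pid_dir=${maps%/maps}
            pid=${pid_dir##*/}
            # /proc/<pid>/status is used for the name because it exists on
            # old kernels as well as current ones.
            name=$(sed -n 's/^Name:[[:space:]]*//p' "$pid_dir/status" 2>/dev/null)
            printf '%s %s\n' "$pid" "${name:-?}"
        fi
    done
}

stale_gnutls_procs "$@"
```

An empty result means no readable process is still using the replaced library; a process listed here keeps running the vulnerable code until it is restarted.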


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
gnutls-1.4.1-7.el5_8.2.src.rpm
File outdated by: RHSA-2014:0247

IA-32:
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247

x86_64:
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
gnutls-1.4.1-7.el5_8.2.src.rpm
File outdated by: RHSA-2014:0247

IA-32:
gnutls-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247

IA-64:
gnutls-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-1.4.1-7.el5_8.2.ia64.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.ia64.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.ia64.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.ia64.rpm
File outdated by: RHSA-2014:0247

PPC:
gnutls-1.4.1-7.el5_8.2.ppc.rpm
File outdated by: RHSA-2014:0247
gnutls-1.4.1-7.el5_8.2.ppc64.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.ppc.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.ppc64.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.ppc.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.ppc64.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.ppc.rpm
File outdated by: RHSA-2014:0247

s390x:
gnutls-1.4.1-7.el5_8.2.s390.rpm
File outdated by: RHSA-2014:0247
gnutls-1.4.1-7.el5_8.2.s390x.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.s390.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.s390x.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.s390.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.s390x.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.s390x.rpm
File outdated by: RHSA-2014:0247

x86_64:
gnutls-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-devel-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
gnutls-1.4.1-7.el5_8.2.src.rpm
File outdated by: RHSA-2014:0247

IA-32:
gnutls-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247

x86_64:
gnutls-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.i386.rpm
File outdated by: RHSA-2014:0247
gnutls-debuginfo-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
gnutls-utils-1.4.1-7.el5_8.2.x86_64.rpm
File outdated by: RHSA-2014:0247
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

752308 - CVE-2011-4128 gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
804920 - CVE-2012-1569 libtasn1: DER decoding buffer overflow (GNUTLS-SA-2012-3, MU-201202-02)
805432 - CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/