Security Advisory Important: gnutls security update

Advisory: RHSA-2014:0247-1
Type: Security Advisory
Severity: Important
Issued on: 2014-03-03
Last updated on: 2014-03-03
Affected Products: RHEL Desktop Workstation (v. 5 client), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2009-5138, CVE-2014-0092

Details

Updated gnutls packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way GnuTLS handled version 1 X.509 certificates.
An attacker able to obtain a version 1 certificate from a trusted
certificate authority could use this flaw to issue certificates for other
sites that would be accepted by GnuTLS as valid. (CVE-2009-5138)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the
Red Hat Security Technologies Team.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS library must be restarted.
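
To check the restart requirement above, the following added example (not part of the Red Hat advisory) lists processes that still map a libgnutls file that was replaced on disk. The function names, the proc-root parameter and the sample paths and PIDs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory: list processes that still map the
# pre-update libgnutls and therefore have not picked up the fix.

# Print "PID COMMAND" for each process whose /proc/<pid>/maps references a
# libgnutls file that was unlinked from disk (replaced by the package update).
# $1 is the proc root (an assumption added so the scan can be pointed at a
# test tree); it defaults to the live /proc.
stale_gnutls_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # The kernel appends " (deleted)" to the path of an unlinked mapping.
        if grep -q 'libgnutls.*(deleted)' "$maps" 2>/dev/null; then
            dir=${maps%/maps}
            # cmdline is NUL-separated; it is empty for kernel threads.
            name=$(tr '\000' ' ' 2>/dev/null < "$dir/cmdline" | sed 's/ *$//')
            [ -n "$name" ] || name='?'
            printf '%s %s\n' "${dir##*/}" "$name"
        fi
    done
}

# Constructed sample: a fake proc tree with one process still holding the old
# library (PID 101) and one already using the file on disk (PID 202).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/101" "$root/202"
    printf '%s\n' \
        '2b0000-2b7000 r-xp 00000000 fd:00 1234 /usr/lib64/libgnutls.so.13 (deleted)' \
        > "$root/101/maps"
    printf '/usr/sbin/exampled -f' | tr ' ' '\000' > "$root/101/cmdline"
    printf '%s\n' \
        '2b0000-2b7000 r-xp 00000000 fd:00 5678 /usr/lib64/libgnutls.so.13' \
        > "$root/202/maps"
    printf '/usr/bin/other' > "$root/202/cmdline"
    stale_gnutls_procs "$root"
    rm -rf "$root"
}
```

Run `stale_gnutls_procs` as root after installing the update so that every process's maps file is readable, then restart each listed service and run it again until it prints nothing.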


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

IA-32:
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594

x86_64:
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
 
Red Hat Enterprise Linux (v. 5 server)

IA-32:
gnutls-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594

IA-64:
gnutls-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-1.4.1-14.el5_10.ia64.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.ia64.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.ia64.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.ia64.rpm
File outdated by: RHSA-2014:0594

PPC:
gnutls-1.4.1-14.el5_10.ppc.rpm
File outdated by: RHSA-2014:0594
gnutls-1.4.1-14.el5_10.ppc64.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.ppc.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.ppc64.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.ppc.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.ppc64.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.ppc.rpm
File outdated by: RHSA-2014:0594

s390x:
gnutls-1.4.1-14.el5_10.s390.rpm
File outdated by: RHSA-2014:0594
gnutls-1.4.1-14.el5_10.s390x.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.s390.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.s390x.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.s390.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.s390x.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.s390x.rpm
File outdated by: RHSA-2014:0594

x86_64:
gnutls-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-devel-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
 
Red Hat Enterprise Linux Desktop (v. 5 client)

IA-32:
gnutls-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594

x86_64:
gnutls-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.i386.rpm
File outdated by: RHSA-2014:0594
gnutls-debuginfo-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
gnutls-utils-1.4.1-14.el5_10.x86_64.rpm
File outdated by: RHSA-2014:0594
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1069301 - CVE-2009-5138 gnutls: incorrect handling of V1 intermediate certificates
1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/