Security Advisory Important: gnutls security update

Advisory: RHSA-2014:0684-1
Type: Security Advisory
Severity: Important
Issued on: 2014-06-10
Last updated on: 2014-06-10
Affected Products: Red Hat Enterprise Linux Desktop (v. 7)
                   Red Hat Enterprise Linux HPC Node (v. 7)
                   Red Hat Enterprise Linux Server (v. 7)
                   Red Hat Enterprise Linux Workstation (v. 7)
CVEs (cve.mitre.org): CVE-2014-3465, CVE-2014-3466

Details

Updated gnutls packages that fix two security issues are now available for
Red Hat Enterprise Linux 7.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)
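
The length check at issue in CVE-2014-3466, shown as an added Python example (not GnuTLS or Red Hat code): TLS limits the ServerHello session ID to 32 bytes, so a parser has to reject a larger length field before using it as a copy length. The function and helper names are hypothetical, and the sample records are constructed.

```python
import struct

MAX_SESSION_ID_LEN = 32  # TLS defines SessionID as opaque<0..32> (RFC 5246)

class HandshakeError(ValueError):
    """The record is not a well-formed ServerHello."""

def session_id_from_server_hello(record: bytes) -> bytes:
    """Return the session ID carried in one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise HandshakeError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:  # 22 = handshake
        raise HandshakeError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise HandshakeError("truncated record")
    if body[0] != 2:  # 2 = ServerHello
        raise HandshakeError("not a ServerHello")
    msg_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + msg_len]
    if len(hello) != msg_len or msg_len < 35:
        raise HandshakeError("truncated ServerHello")
    # Layout: server_version (2) | random (32) | session_id length (1) | ...
    sid_len = hello[34]
    # Check the wire value against the protocol limit before using it as a
    # copy length; a buffer sized for the 32-byte maximum cannot hold more.
    if sid_len > MAX_SESSION_ID_LEN:
        raise HandshakeError(f"session ID length {sid_len} exceeds {MAX_SESSION_ID_LEN}")
    # The ID plus cipher_suite (2) and compression_method (1) must fit.
    if 35 + sid_len + 3 > len(hello):
        raise HandshakeError("session ID runs past end of message")
    return hello[35:35 + sid_len]

def sample_record(session_id: bytes, claimed_len=None) -> bytes:
    """Constructed test input: a minimal ServerHello wrapped in a TLS record."""
    n = len(session_id) if claimed_len is None else claimed_len
    hello = b"\x03\x03" + bytes(32) + bytes([n]) + session_id + b"\x00\x2f\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    print(session_id_from_server_hello(sample_record(b"\xaa" * 32)).hex())
    try:
        session_id_from_server_hello(sample_record(b"\xaa" * 200))
    except HandshakeError as err:
        print("rejected:", err)
```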

A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509
certificates. A specially crafted certificate could cause a server or
client application using GnuTLS to crash. (CVE-2014-3465)

Red Hat would like to thank GnuTLS upstream for reporting these issues.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter of CVE-2014-3466.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS library must be restarted.
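
One way to find the applications that still need this restart is to look for processes whose memory map lists a libgnutls shared object marked "(deleted)", which is how Linux reports a mapped file that has since been replaced on disk. This Python script is an added example, not part of the Red Hat advisory; the function name is hypothetical and it assumes a Linux /proc filesystem.

```python
import os
import re

# A mapped file whose on-disk copy was replaced appears in /proc/<pid>/maps
# with " (deleted)" appended to its path.
STALE_GNUTLS = re.compile(r"\s(/\S*libgnutls[^/\s]*\.so\S*) \(deleted\)$")

def stale_gnutls_processes(proc_root="/proc"):
    """Return sorted (pid, comm, library_path) tuples for processes that still
    map a libgnutls shared object that has been replaced on disk."""
    found = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "sys"
        base = os.path.join(proc_root, entry)
        hits = set()
        try:
            with open(os.path.join(base, "maps")) as fh:
                for line in fh:
                    match = STALE_GNUTLS.search(line.rstrip("\n"))
                    if match:
                        hits.add(match.group(1))
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue  # process exited, or its maps are not readable without root
        for lib in sorted(hits):
            found.append((int(entry), comm, lib))
    return sorted(found)

if __name__ == "__main__":
    for pid, comm, lib in stale_gnutls_processes():
        print(f"{pid}\t{comm}\t{lib}")
```

Run it as root after the update so that the maps of other users' processes are readable; an empty result means no running process still maps the replaced library.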


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
gnutls-3.1.18-9.el7_0.src.rpm
File outdated by:  RHBA-2015:0315
 
x86_64:
gnutls-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-utils-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
gnutls-3.1.18-9.el7_0.src.rpm
File outdated by:  RHBA-2015:0315
 
x86_64:
gnutls-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-utils-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
gnutls-3.1.18-9.el7_0.src.rpm
File outdated by:  RHBA-2015:0315
 
PPC:
gnutls-3.1.18-9.el7_0.ppc.rpm
File outdated by:  RHBA-2015:0315
gnutls-3.1.18-9.el7_0.ppc64.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.ppc.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.ppc64.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.ppc.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.ppc64.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.ppc.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.ppc64.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.ppc.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.ppc64.rpm
File outdated by:  RHBA-2015:0315
gnutls-utils-3.1.18-9.el7_0.ppc64.rpm
File outdated by:  RHBA-2015:0315
 
s390x:
gnutls-3.1.18-9.el7_0.s390.rpm
File outdated by:  RHBA-2015:0315
gnutls-3.1.18-9.el7_0.s390x.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.s390.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.s390x.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.s390.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.s390x.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.s390.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.s390x.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.s390.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.s390x.rpm
File outdated by:  RHBA-2015:0315
gnutls-utils-3.1.18-9.el7_0.s390x.rpm
File outdated by:  RHBA-2015:0315
 
x86_64:
gnutls-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-utils-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
gnutls-3.1.18-9.el7_0.src.rpm
File outdated by:  RHBA-2015:0315
 
x86_64:
gnutls-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-c++-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-dane-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-debuginfo-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.i686.rpm
File outdated by:  RHBA-2015:0315
gnutls-devel-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
gnutls-utils-3.1.18-9.el7_0.x86_64.rpm
File outdated by:  RHBA-2015:0315
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1101734 - CVE-2014-3465 gnutls: gnutls_x509_dn_oid_name NULL pointer dereference
1101932 - CVE-2014-3466 gnutls: insufficient session id length check in _gnutls_read_server_hello (GNUTLS-SA-2014-3)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/