Security update for GnuTLS
SUSE Security Update: Security update for GnuTLS
GnuTLS was updated to fix two security issues:
* CVE-2015-0294: A certificate algorithm consistency checking issue
was fixed, where GnuTLS did not check whether the two signature
algorithms match on certificate import. This problem is not deemed
to be exploitable currently.
* CVE-2015-0282: GNUTLS-SA-2015-1: GnuTLS did not verify the RSA PKCS
#1 signature algorithm to match the signature algorithm in the
certificate, leading to a potential downgrade to a disallowed
algorithm, such as MD5, without detecting it.
Security Issues:
* CVE-2015-0294
* CVE-2014-8155
* CVE-2015-0282
| Announcement ID: | SUSE-SU-2015:0675-1 |
| Rating: | moderate |
| References: | #919938 #921684 |
| Affected Products: |
An update that fixes three vulnerabilities is now available.
Description:
GnuTLS was updated to fix two security issues:
* CVE-2015-0294: A certificate algorithm consistency checking issue
was fixed, where GnuTLS did not check whether the two signature
algorithms match on certificate import. This problem is not deemed
to be exploitable currently.
* CVE-2015-0282: GNUTLS-SA-2015-1: GnuTLS did not verify the RSA PKCS
#1 signature algorithm to match the signature algorithm in the
certificate, leading to a potential downgrade to a disallowed
algorithm, such as MD5, without detecting it.
Security Issues:
* CVE-2015-0294
* CVE-2014-8155
* CVE-2015-0282
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Manager 1.7 for SLE 11 SP2:
zypper in -t patch sleman17sp2-gnutls=10535 - SUSE Linux Enterprise Software Development Kit 11 SP3:
zypper in -t patch sdksp3-gnutls=10536 - SUSE Linux Enterprise Server 11 SP3 for VMware:
zypper in -t patch slessp3-gnutls=10536 - SUSE Linux Enterprise Server 11 SP3:
zypper in -t patch slessp3-gnutls=10536 - SUSE Linux Enterprise High Availability Extension 11 SP3:
zypper in -t patch slehasp3-gnutls=10536 - SUSE Linux Enterprise Desktop 11 SP3:
zypper in -t patch sledsp3-gnutls=10536
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Manager 1.7 for SLE 11 SP2 (x86_64):
- gnutls-2.4.1-24.39.55.1
- libgnutls-extra26-2.4.1-24.39.55.1
- libgnutls26-2.4.1-24.39.55.1
- libgnutls26-32bit-2.4.1-24.39.55.1
- SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- libgnutls-devel-2.4.1-24.39.55.1
- libgnutls-extra-devel-2.4.1-24.39.55.1
- libgnutls-extra26-2.4.1-24.39.55.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):
- gnutls-2.4.1-24.39.55.1
- libgnutls-extra26-2.4.1-24.39.55.1
- libgnutls26-2.4.1-24.39.55.1
- SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):
- libgnutls26-32bit-2.4.1-24.39.55.1
- SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- gnutls-2.4.1-24.39.55.1
- libgnutls-extra26-2.4.1-24.39.55.1
- libgnutls26-2.4.1-24.39.55.1
- SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):
- libgnutls26-32bit-2.4.1-24.39.55.1
- SUSE Linux Enterprise Server 11 SP3 (ia64):
- libgnutls26-x86-2.4.1-24.39.55.1
- SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):
- libgnutls-extra26-2.4.1-24.39.55.1
- SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):
- gnutls-2.4.1-24.39.55.1
- libgnutls26-2.4.1-24.39.55.1
- SUSE Linux Enterprise Desktop 11 SP3 (x86_64):
- libgnutls26-32bit-2.4.1-24.39.55.1
References:
- https://www.suse.com/security/cve/CVE-2014-8155.html
- https://www.suse.com/security/cve/CVE-2015-0282.html
- https://www.suse.com/security/cve/CVE-2015-0294.html
- https://bugzilla.suse.com/919938
- https://bugzilla.suse.com/921684
- https://download.suse.com/patch/finder/?keywords=951b449be6ba7a46cf9a00cb94802aa7
- https://download.suse.com/patch/finder/?keywords=96acf93b3a6ebecc75fae75257911b3f