gnutls-1.4.1-14.0.1.AXS3

エラータID: AXSA:2014-243:01

Release date: 
Thursday, April 10, 2014 - 18:57
Subject: 
gnutls-1.4.1-14.0.1.AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group.

Security issues fixed with this release:

• CVE-2009-5138
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.

• CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.

Solution: 

Update packages.

CVEs: 
CVE-2009-5138
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Additional Info: 

N/A

Download: 

SRPMS
  1. gnutls-1.4.1-14.0.1.AXS3.src.rpm
    MD5: 5550389b0f4ea81ac8a8be1429acc56d
    SHA-256: 85487aa2e5f510fc7684ccb47ee48fdc05e3b7e73614706a72f6c941b8e3c21d
    Size: 3.89 MB

Asianux Server 3 for x86
  1. gnutls-1.4.1-14.0.1.AXS3.i386.rpm
    MD5: 14dd24c32325883417baa3b12bf98966
    SHA-256: 5200045dce783fbb531f443a5145c15d0c7368398cff4a44dce0b81bc58aa92f
    Size: 374.36 kB
  2. gnutls-devel-1.4.1-14.0.1.AXS3.i386.rpm
    MD5: 7f5ea55adbd2663050ec82c40f885336
    SHA-256: dcf9f708ee7998f854e981fb64d05bbd455991a7507d81d81d2cf25f30163db7
    Size: 917.11 kB

Asianux Server 3 for x86_64
  1. gnutls-1.4.1-14.0.1.AXS3.x86_64.rpm
    MD5: 22ee3999681a2d90fe2c5d985166a8cc
    SHA-256: ebc2f5a84219e301ca91c25a730bcd19e5bae6dbfc00d79b262f555507aa42ac
    Size: 387.71 kB
  2. gnutls-devel-1.4.1-14.0.1.AXS3.x86_64.rpm
    MD5: 5be6dca6339254dd03ef6090af7d51ce
    SHA-256: 2378d01549d26416f297f1ab9ff32e71e10a73f7f4e07bd1263c5e54d14359eb
    Size: 935.45 kB