ESB-2017.1898 - [RedHat] gnutls: Multiple vulnerabilities 2017-08-02

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1898
        Moderate: gnutls security, bug fix, and enhancement update
                               2 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gnutls
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux Server 7
                   Red Hat Enterprise Linux WS/Desktop 7
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-7869 CVE-2017-7507 CVE-2017-5337
                   CVE-2017-5336 CVE-2017-5335 CVE-2017-5334
                   CVE-2016-7444  

Reference:         ESB-2017.1516
                   ESB-2017.1480
                   ESB-2017.0746

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2017:2292

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security, bug fix, and enhancement update
Advisory ID:       RHSA-2017:2292-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2017:2292
Issue date:        2017-08-01
CVE Names:         CVE-2016-7444 CVE-2017-5334 CVE-2017-5335 
                   CVE-2017-5336 CVE-2017-5337 CVE-2017-7507 
                   CVE-2017-7869 
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS)
library, which implements cryptographic algorithms and protocols such as
SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version:
gnutls (3.3.26). (BZ#1378373)

Security Fix(es):

* A double-free flaw was found in the way GnuTLS parsed certain X.509
certificates with Proxy Certificate Information extension. An attacker
could create a specially-crafted certificate which, when processed by an
application compiled against GnuTLS, could cause that application to crash.
(CVE-2017-5334)

* Multiple flaws were found in the way gnutls processed OpenPGP
certificates. An attacker could create specially crafted OpenPGP
certificates which, when parsed by gnutls, would cause it to crash.
(CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)

* A null pointer dereference flaw was found in the way GnuTLS processed
ClientHello messages with status_request extension. A remote attacker could
use this flaw to cause an application compiled with GnuTLS to crash.
(CVE-2017-7507)

* A flaw was found in the way GnuTLS validated certificates using OCSP
responses. This could falsely report a certificate as valid under certain
circumstances. (CVE-2016-7444)

The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS
Security team).

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1335931 - gnutls: Disable TLS connections with less than 1024-bit DH parameters
1374266 - CVE-2016-7444 gnutls: Incorrect certificate validation when using OCSP responses (GNUTLS-SA-2016-3)
1375303 - gnutls trusts a certificate whose CA is both explicitly trusted and blacklisted
1375463 - doc update: certtool's manpage does not mention it cannot handle PKCS#11 URLs for certain options
1378373 - RFE: Add functions to set issuer and subject id in x509 certificates
1379283 - gnutls: Support the pin-value attribute in RFC7512 URLs
1379739 - gnutls: do not require trousers
1380642 - Cannot read encrypted PKCS#8 from OpenSSL
1383748 - GnuTLS parses only the first 32 extensions, ignoring the rest
1388932 - gnutls: interoperability issue 3.3.x vs. 3.5.5
1399232 - RFE: p11tool command misses the --id option
1411835 - CVE-2017-5334 gnutls: Double-free while decoding crafted X.509 certificates
1411836 - CVE-2017-5337 gnutls: Heap read overflow in read-packet.c
1412235 - CVE-2017-5335 gnutls: Out of memory while parsing crafted OpenPGP certificate
1412236 - CVE-2017-5336 gnutls: Stack overflow in cdk_pk_get_keyid
1443033 - CVE-2017-7869 gnutls: Out-of-bounds write related to the cdk_pkt_read function (GNUTLS-SA-2017-3)
1454621 - CVE-2017-7507 gnutls: Crash upon receiving well-formed status_request extension

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
gnutls-3.3.26-9.el7.src.rpm

x86_64:
gnutls-3.3.26-9.el7.i686.rpm
gnutls-3.3.26-9.el7.x86_64.rpm
gnutls-dane-3.3.26-9.el7.i686.rpm
gnutls-dane-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-utils-3.3.26-9.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
gnutls-c++-3.3.26-9.el7.i686.rpm
gnutls-c++-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-devel-3.3.26-9.el7.i686.rpm
gnutls-devel-3.3.26-9.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
gnutls-3.3.26-9.el7.src.rpm

x86_64:
gnutls-3.3.26-9.el7.i686.rpm
gnutls-3.3.26-9.el7.x86_64.rpm
gnutls-dane-3.3.26-9.el7.i686.rpm
gnutls-dane-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-utils-3.3.26-9.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
gnutls-c++-3.3.26-9.el7.i686.rpm
gnutls-c++-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-devel-3.3.26-9.el7.i686.rpm
gnutls-devel-3.3.26-9.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
gnutls-3.3.26-9.el7.src.rpm

aarch64:
gnutls-3.3.26-9.el7.aarch64.rpm
gnutls-c++-3.3.26-9.el7.aarch64.rpm
gnutls-dane-3.3.26-9.el7.aarch64.rpm
gnutls-debuginfo-3.3.26-9.el7.aarch64.rpm
gnutls-devel-3.3.26-9.el7.aarch64.rpm
gnutls-utils-3.3.26-9.el7.aarch64.rpm

ppc64:
gnutls-3.3.26-9.el7.ppc.rpm
gnutls-3.3.26-9.el7.ppc64.rpm
gnutls-c++-3.3.26-9.el7.ppc.rpm
gnutls-c++-3.3.26-9.el7.ppc64.rpm
gnutls-dane-3.3.26-9.el7.ppc.rpm
gnutls-dane-3.3.26-9.el7.ppc64.rpm
gnutls-debuginfo-3.3.26-9.el7.ppc.rpm
gnutls-debuginfo-3.3.26-9.el7.ppc64.rpm
gnutls-devel-3.3.26-9.el7.ppc.rpm
gnutls-devel-3.3.26-9.el7.ppc64.rpm
gnutls-utils-3.3.26-9.el7.ppc64.rpm

ppc64le:
gnutls-3.3.26-9.el7.ppc64le.rpm
gnutls-c++-3.3.26-9.el7.ppc64le.rpm
gnutls-dane-3.3.26-9.el7.ppc64le.rpm
gnutls-debuginfo-3.3.26-9.el7.ppc64le.rpm
gnutls-devel-3.3.26-9.el7.ppc64le.rpm
gnutls-utils-3.3.26-9.el7.ppc64le.rpm

s390x:
gnutls-3.3.26-9.el7.s390.rpm
gnutls-3.3.26-9.el7.s390x.rpm
gnutls-c++-3.3.26-9.el7.s390.rpm
gnutls-c++-3.3.26-9.el7.s390x.rpm
gnutls-dane-3.3.26-9.el7.s390.rpm
gnutls-dane-3.3.26-9.el7.s390x.rpm
gnutls-debuginfo-3.3.26-9.el7.s390.rpm
gnutls-debuginfo-3.3.26-9.el7.s390x.rpm
gnutls-devel-3.3.26-9.el7.s390.rpm
gnutls-devel-3.3.26-9.el7.s390x.rpm
gnutls-utils-3.3.26-9.el7.s390x.rpm

x86_64:
gnutls-3.3.26-9.el7.i686.rpm
gnutls-3.3.26-9.el7.x86_64.rpm
gnutls-c++-3.3.26-9.el7.i686.rpm
gnutls-c++-3.3.26-9.el7.x86_64.rpm
gnutls-dane-3.3.26-9.el7.i686.rpm
gnutls-dane-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-devel-3.3.26-9.el7.i686.rpm
gnutls-devel-3.3.26-9.el7.x86_64.rpm
gnutls-utils-3.3.26-9.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
gnutls-3.3.26-9.el7.src.rpm

x86_64:
gnutls-3.3.26-9.el7.i686.rpm
gnutls-3.3.26-9.el7.x86_64.rpm
gnutls-c++-3.3.26-9.el7.i686.rpm
gnutls-c++-3.3.26-9.el7.x86_64.rpm
gnutls-dane-3.3.26-9.el7.i686.rpm
gnutls-dane-3.3.26-9.el7.x86_64.rpm
gnutls-debuginfo-3.3.26-9.el7.i686.rpm
gnutls-debuginfo-3.3.26-9.el7.x86_64.rpm
gnutls-devel-3.3.26-9.el7.i686.rpm
gnutls-devel-3.3.26-9.el7.x86_64.rpm
gnutls-utils-3.3.26-9.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2016-7444
https://access.redhat.com/security/cve/CVE-2017-5334
https://access.redhat.com/security/cve/CVE-2017-5335
https://access.redhat.com/security/cve/CVE-2017-5336
https://access.redhat.com/security/cve/CVE-2017-5337
https://access.redhat.com/security/cve/CVE-2017-7507
https://access.redhat.com/security/cve/CVE-2017-7869
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZgEFgXlSAg2UNWIIRAqh2AKCpwXIG8eqc/IfOioK3AUrscf34BgCfTknt
GfEfdU4xs9LDm6SxKZ8bTcA=
=IeEy
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWYFViYx+lLeg9Ub1AQiqTw//d/xN7YUoj5lNfGqPM9u5vMM5JjnNbgpG
As5WGDAOiftkW/pEndlIKX11Pm3qS2NpqBu0w5+nLFMZiPmMS6zXeM9QnvRlUhwG
JqQw2Cg+bToQqxHE83B24L1OvkKrFtOC6LhYhofHYc23CB4dtfU5rQ4fLTcRGpu3
GtpTYsCXZM8QKpMhQcCqWG31fnnCCtYWVMPVLQeo04aUo04yywXmSqH+Gx5xwZs6
XxJdIjGlUbxxQ5DVsvOZPjdxvHj4WAqVcnBpgERYp7uin6LP8fbrDry0prJxK2i+
9V7WjByz7qW0qVrnm2u8/nBgOFiVDs5onMnRXlMyoOfkmDEo7aMu0EAkMzja4sWe
EypCO9wjEmGOgHaSlJwS7dw0zPxDuks/K0kwmYuUhuKXPgM0Irvht7xWKXB3FIAN
v5ik7/mDFJHW7SIZQZV6EnAVzzojZv+aHW3yhTWhcwWXQwYDJr3zEnRHxDPUMrPK
YUxmDnurquRt7rsNpK2VnsfXDyz6x13V7w3dyTWAeZPy41t8xuhjYAsMtTkf4XTu
pDbIkqj3XD/NPjlCGuKuFxtEULJNoGtLLtFa8bc8kam3s3WB0Nz+gETS2t7lq0J8
ayseWlvTnRQyZYMeF3ftfkN8KDnRC6rmyuIEj0ef7kSttv5qVExHwQxn8VkK6aHR
fgTF4hzloz0=
=huNv
-----END PGP SIGNATURE-----

« Back to bulletins