ALAS-2015-575


Amazon Linux AMI Security Advisory: ALAS-2015-575
Advisory Release Date: 2015-08-04 17:48 Pacific
Severity: Medium

Issue Overview:

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155 )

It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification. (CVE-2015-0282 )

It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. (CVE-2015-0294 )


Affected Packages:

gnutls


Issue Correction:
Run yum update gnutls to update your system.

New Packages:
i686:
    gnutls-2.8.5-18.14.amzn1.i686
    gnutls-debuginfo-2.8.5-18.14.amzn1.i686
    gnutls-devel-2.8.5-18.14.amzn1.i686
    gnutls-guile-2.8.5-18.14.amzn1.i686
    gnutls-utils-2.8.5-18.14.amzn1.i686

src:
    gnutls-2.8.5-18.14.amzn1.src

x86_64:
    gnutls-debuginfo-2.8.5-18.14.amzn1.x86_64
    gnutls-guile-2.8.5-18.14.amzn1.x86_64
    gnutls-utils-2.8.5-18.14.amzn1.x86_64
    gnutls-2.8.5-18.14.amzn1.x86_64
    gnutls-devel-2.8.5-18.14.amzn1.x86_64