openSUSE-SU-2017:0386

92893

RHSA-2017:2292

https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9

[gnutls-devel] 20160902 OCSP certificate check

https://www.gnutls.org/security.html

An update of the gnutls package has been released.

An update of [freetype2,tar,gnutls,linux] packages for PhotonOS has been released.

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A double-free flaw was found in the way GnuTLS parsed     certain X.509 certificates with Proxy Certificate     Information extension. An attacker could create a     specially-crafted certificate which, when processed by     an application compiled against GnuTLS, could cause     that application to crash. (CVE-2017-5334)

  - Multiple flaws were found in the way gnutls processed     OpenPGP certificates. An attacker could create     specially crafted OpenPGP certificates which, when     parsed by gnutls, would cause it to crash.
    (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337,     CVE-2017-7869)

  - A null pointer dereference flaw was found in the way     GnuTLS processed ClientHello messages with     status_request extension. A remote attacker could use     this flaw to cause an application compiled with GnuTLS     to crash. (CVE-2017-7507)

  - A flaw was found in the way GnuTLS validated     certificates using OCSP responses. This could falsely     report a certificate as valid under certain     circumstances. (CVE-2016-7444)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for gnutls is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version:
gnutls (3.3.26). (BZ#1378373)

Security Fix(es) :

* A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334)

* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash.
(CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)

* A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507)

* A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)

The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team).

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
gnutls (3.3.26).

Security Fix(es) :

  - A double-free flaw was found in the way GnuTLS parsed     certain X.509 certificates with Proxy Certificate     Information extension. An attacker could create a     specially crafted certificate which, when processed by     an application compiled against GnuTLS, could cause that     application to crash. (CVE-2017-5334)

  - Multiple flaws were found in the way gnutls processed     OpenPGP certificates. An attacker could create specially     crafted OpenPGP certificates which, when parsed by     gnutls, would cause it to crash. (CVE-2017-5335,     CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)

  - A NULL pointer dereference flaw was found in the way     GnuTLS processed ClientHello messages with     status_request extension. A remote attacker could use     this flaw to cause an application compiled with GnuTLS     to crash. (CVE-2017-7507)

  - A flaw was found in the way GnuTLS validated     certificates using OCSP responses. This could falsely     report a certificate as valid under certain     circumstances. (CVE-2016-7444)

From Red Hat Security Advisory 2017:2292 :

An update for gnutls is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version:
gnutls (3.3.26). (BZ#1378373)

Security Fix(es) :

* A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334)

* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash.
(CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)

* A NULL pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507)

* A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)

The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team).

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444)

Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)

It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension.
A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334)

It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2017-5335, CVE-2017-5336, CVE-2017-5337).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gnutls fixes the following security issues :

  - GnuTLS could have crashed when processing maliciously     crafted OpenPGP certificates (GNUTLS-SA-2017-2,     bsc#1018832, CVE-2017-5335, CVE-2017-5337,     CVE-2017-5336)

  - GnuTLS could have falsely accepted certificates when     using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444)

  - GnuTLS could have suffered from 100% CPU load DoS     attacks by using SSL alert packets during the handshake     (bsc#1005879, CVE-2016-8610)

This update was imported from the SUSE:SLE-12:Update update project.

Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-7444)

Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2016-8610)

It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5334)

It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for gnutls fixes the following security issues :

  - GnuTLS could have crashed when processing maliciously     crafted OpenPGP certificates (GNUTLS-SA-2017-2,     bsc#1018832, CVE-2017-5335, CVE-2017-5337,     CVE-2017-5336)

  - GnuTLS could have falsely accepted certificates when     using OCSP (GNUTLS-SA-2016-3, bsc#999646, CVE-2016-7444)

  - GnuTLS could have suffered from 100% CPU load DoS     attacks by using SSL alert packets during the handshake     (bsc#1005879, CVE-2016-8610)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New upstream release

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

https://lists.gnupg.org/pipermail/gnutls-devel/2016-September/008153.h tml

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
121688	Photon OS 1.0: Gnutls PHSA-2017-0015	Nessus	PhotonOS Local Security Checks	high
111864	Photon OS 1.0: Freetype2 / Gnutls / Linux / Tar PHSA-2017-0015 (deprecated)	Nessus	PhotonOS Local Security Checks	high
103062	EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2017-1204)	Nessus	Huawei Local Security Checks	high
103061	EulerOS 2.0 SP1 : gnutls (EulerOS-SA-2017-1203)	Nessus	Huawei Local Security Checks	high
102759	CentOS 7 : gnutls (CESA-2017:2292)	Nessus	CentOS Local Security Checks	high
102642	Scientific Linux Security Update : gnutls on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
102303	Oracle Linux 7 : gnutls (ELSA-2017-2292)	Nessus	Oracle Linux Local Security Checks	high
102116	RHEL 7 : gnutls (RHSA-2017:2292)	Nessus	Red Hat Local Security Checks	high
97853	Ubuntu 12.04 LTS / 14.04 LTS : gnutls26 vulnerability (USN-3183-2)	Nessus	Ubuntu Local Security Checks	high
97004	openSUSE Security Update : gnutls (openSUSE-2017-207)	Nessus	SuSE Local Security Checks	high
96952	Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gnutls26, gnutls28 vulnerabilities (USN-3183-1)	Nessus	Ubuntu Local Security Checks	high
96950	SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2017:0348-1)	Nessus	SuSE Local Security Checks	high
94862	Fedora 25 : gnutls (2016-cafdfdf58c)	Nessus	Fedora Local Security Checks	medium
94844	Fedora 25 : mingw-gnutls (2016-a1e5b2331a)	Nessus	Fedora Local Security Checks	medium
93492	Fedora 24 : gnutls (2016-e1589894e8)	Nessus	Fedora Local Security Checks	medium
93489	Fedora 23 : gnutls (2016-2edb9adec8)	Nessus	Fedora Local Security Checks	medium

CVE-2016-7444

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins