SUSE-SU-2014:0320-1: critical: Security update for gnutls

sle-updates at lists.suse.com
Mon Mar 3 17:04:49 MST 2014


   SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0320-1
Rating:             critical
References:         #536809 #554084 #659128 #739898 #753301 #754223
                    #802651 #821818 #865804 #865993
Cross-References:   CVE-2009-5138 CVE-2011-4108 CVE-2012-0390
                    CVE-2012-1569 CVE-2012-1573 CVE-2013-0169
                    CVE-2013-1619 CVE-2013-2116 CVE-2014-0092

Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that solves 9 vulnerabilities and has one erratum
   is now available.

Description:


   The GnuTLS library received a critical security fix and
   other updates:

   * CVE-2014-0092: The X.509 certificate verification had
   incorrect error handling, which could lead to broken
   certificates marked as being valid.
   * CVE-2009-5138: A verification problem in the handling of
   V1 certificates could also lead to V1 certificates being
   handled incorrectly.
   * CVE-2013-2116: The _gnutls_ciphertext2compressed
   function in lib/gnutls_cipher.c in GnuTLS allowed remote
   attackers to cause a denial of service (buffer over-read
   and crash) via a crafted padding length.
   * CVE-2013-1619: The TLS implementation in GnuTLS did
   not properly consider timing side-channel attacks on a
   noncompliant MAC check operation during the processing of
   malformed CBC padding, which allows remote attackers to
   conduct distinguishing attacks and plaintext-recovery
   attacks via statistical analysis of timing data for crafted
   packets, a related issue to CVE-2013-0169. (Lucky13)
   * CVE-2012-1569: The asn1_get_length_der function in
   decoding.c in GNU Libtasn1, as used in GnuTLS, did not
   properly handle certain large length values, which allowed
   remote attackers to cause a denial of service (heap memory
   corruption and application crash) or possibly have
   unspecified other impact via a crafted ASN.1 structure.
   * CVE-2012-1573: gnutls_cipher.c in libgnutls in GnuTLS
   did not properly handle data encrypted with a block cipher,
   which allowed remote attackers to cause a denial of service
   (heap memory corruption and application crash) via a
   crafted record, as demonstrated by a crafted
   GenericBlockCipher structure.
   * CVE-2012-0390: The DTLS implementation in GnuTLS
   executed certain error-handling code only if there was a
   specific relationship between the padding length and the
   ciphertext size, which made it easier for remote attackers
   to recover partial plaintext via a timing side-channel
   attack, a related issue to CVE-2011-4108.

   Also, some non-security bugs have been fixed:

   * Some more s390x size_t vs. int fixes (bnc#536809,
   bnc#659128)
   * Re-enabled "legacy negotiation" (bnc#554084)
   * Fixed the safe-renegotiation bug for sle10sp3 and sle10sp4
   (bnc#554084)
   * Fixed bug bnc#536809: gnutls-cli now aborts the
   connection after detecting a bad certificate

   Security Issue references:

   * CVE-2009-5138
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5138>
   * CVE-2011-4108
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4108>
   * CVE-2012-0390
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0390>
   * CVE-2012-1569
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1569>
   * CVE-2012-1573
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573>
   * CVE-2013-0169
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169>
   * CVE-2013-1619
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619>
   * CVE-2013-2116
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116>
   * CVE-2014-0092
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092>



Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      gnutls-1.2.10-13.38.1
      gnutls-devel-1.2.10-13.38.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

      gnutls-32bit-1.2.10-13.38.1
      gnutls-devel-32bit-1.2.10-13.38.1
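   As an added example (not part of the advisory or of SUSE's tooling), a
   defender-side check that compares the gnutls packages installed on an
   affected host against the fixed version-release listed above, using a
   simplified rpm-style version comparison. The `rpm -q --qf` query format is
   assumed to match what SLES 10 ships, and the sample output is constructed.

```python
import re

# Fixed version-release from this advisory's Package List (SLES 10 SP3 LTSS).
FIXED_VR = "1.2.10-13.38.1"
COVERED = {"gnutls", "gnutls-devel", "gnutls-32bit", "gnutls-devel-32bit"}

def _segments(s):
    # Split into numeric and alphabetic runs, as rpm's version comparison does.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp: numeric segments compare as integers, alpha
    segments lexically, numeric beats alpha, and the string with segments
    left over is newer. (rpm's '~' and '^' handling is omitted.)"""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif xn != yn:
            return 1 if xn else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare_vr(installed, fixed):
    """Compare 'version-release' strings: version first, then release."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def audit(rpm_q_lines):
    r"""Map each covered package to 'ok' or 'vulnerable'. Input lines are in
    the form produced by: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <pkg>"""
    result = {}
    for line in rpm_q_lines:
        name, vr = line.split()
        if name in COVERED:
            result[name] = "ok" if compare_vr(vr, FIXED_VR) >= 0 else "vulnerable"
    return result

# Constructed sample output (not captured from a real host).
SAMPLE = ["gnutls 1.2.10-13.36.2", "gnutls-devel 1.2.10-13.38.1",
          "gnutls-32bit 1.2.10-13.38.1"]

if __name__ == "__main__":
    for pkg, status in sorted(audit(SAMPLE).items()):
        print(f"{pkg:20s} {status}")
```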


References:

   http://support.novell.com/security/cve/CVE-2009-5138.html
   http://support.novell.com/security/cve/CVE-2011-4108.html
   http://support.novell.com/security/cve/CVE-2012-0390.html
   http://support.novell.com/security/cve/CVE-2012-1569.html
   http://support.novell.com/security/cve/CVE-2012-1573.html
   http://support.novell.com/security/cve/CVE-2013-0169.html
   http://support.novell.com/security/cve/CVE-2013-1619.html
   http://support.novell.com/security/cve/CVE-2013-2116.html
   http://support.novell.com/security/cve/CVE-2014-0092.html
   https://bugzilla.novell.com/536809
   https://bugzilla.novell.com/554084
   https://bugzilla.novell.com/659128
   https://bugzilla.novell.com/739898
   https://bugzilla.novell.com/753301
   https://bugzilla.novell.com/754223
   https://bugzilla.novell.com/802651
   https://bugzilla.novell.com/821818
   https://bugzilla.novell.com/865804
   https://bugzilla.novell.com/865993
   http://download.novell.com/patch/finder/?keywords=3be1f1e8cc06d24d3e6d4ba2c4abdea4


