Bug 1069865 (CVE-2014-0092)
| Field | Value |
|---|---|
| Summary | CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Tomas Hoger <thoger> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | erik-fedora, jkurik, jorton, jrusnack, ktietz, mike, nmavrogi, pfrields, rjones, seceng-idm-qe-list, security-response-team, tmraz, vg.aetera |
| Keywords | Security |
| Fixed In Version | gnutls 3.1.22, gnutls 3.2.12 |
| Doc Type | Bug Fix |
| Last Closed | 2014-03-03 19:07:34 UTC |
| Bug Depends On | 1069888, 1069889, 1069890, 1069891, 1071795, 1071796, 1071797, 1071815, 1072808, 1072810, 1072812, 1072813, 1072814, 1072815, 1072864 |
| Bug Blocks | 1065093 |

Description
Tomas Hoger
2014-02-25 19:50:59 UTC
Acknowledgment: This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

Created attachment 867911
Patch from Nikos

Fixed upstream in GnuTLS 3.1.22 and 3.2.12:
http://lists.gnutls.org/pipermail/gnutls-devel/2014-March/006794.html
http://lists.gnutls.org/pipermail/gnutls-devel/2014-March/006795.html

Upstream advisory id is: GNUTLS-SA-2014-2
http://gnutls.org/security.html#GNUTLS-SA-2014-2

Upstream commits (3.2.x, 3.1.x, 2.12.x):
https://www.gitorious.org/gnutls/gnutls/commit/855127da290a280df839038671ae6aba01957736
https://www.gitorious.org/gnutls/gnutls/commit/a79aed24327cfb2771062956399d5a54ede1e923
https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b

Created mingw-gnutls tracking bugs for this issue:
Affects: fedora-all [bug 1071796]

Created gnutls tracking bugs for this issue:
Affects: fedora-all [bug 1071795]

Created mingw32-gnutls tracking bugs for this issue:
Affects: epel-5 [bug 1071797]

This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2014:0247 https://rhn.redhat.com/errata/RHSA-2014-0247.html

This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:0246 https://rhn.redhat.com/errata/RHSA-2014-0246.html

gnutls-3.1.20-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:
Red Hat Enterprise Linux 5.3 Long Life
Red Hat Enterprise Linux 5.9 EUS - Server Only
Red Hat Enterprise Linux 6.2 LongLife
Red Hat Enterprise Linux 6.4 EUS - Server and Compute Node Only
Red Hat Enterprise Linux 4 Extended Lifecycle Support
Red Hat Enterprise Linux 5.6 Long Life
Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only
Via RHSA-2014:0288 https://rhn.redhat.com/errata/RHSA-2014-0288.html

mingw-gnutls-3.1.22-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

mingw-gnutls-3.1.22-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in following products:
RHEV-H and Agents for RHEL-6
Via RHSA-2014:0339 https://rhn.redhat.com/errata/RHSA-2014-0339.html