Bug 1194371 (CVE-2015-0282) - CVE-2015-0282 gnutls: RSA PKCS#1 signature verification forgery
Summary: CVE-2015-0282 gnutls: RSA PKCS#1 signature verification forgery
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2015-0282
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1198159 1205501 1205502
Blocks: 1194368
 
Reported: 2015-02-19 16:41 UTC by Vasyl Kaigorodov
Modified: 2023-05-12 21:51 UTC

Fixed In Version: GnuTLS 3.1.0
Doc Type: Bug Fix
Doc Text:
It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification.
Clone Of:
Environment:
Last Closed: 2015-07-22 17:46:16 UTC
Embargoed:


Attachments
Proposed patch for 2.8.5 (8.68 KB, patch)
2015-03-03 13:59 UTC, Nikos Mavrogiannopoulos


Links
System: Red Hat Product Errata
ID: RHSA-2015:1457
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Moderate: gnutls security and bug fix update
Last Updated: 2015-07-21 14:15:08 UTC

Description Vasyl Kaigorodov 2015-02-19 16:41:22 UTC
It was reported that gnutls in RHEL 6 and 5 has a flaw which could lead
to an RSA PKCS#1 signature verification forgery. That is, gnutls doesn't
verify the match of the hash algorithm listed in signature with the
algorithm listed in the certificate, and that could allow a certificate
to be signed with MD5 even when the algorithm is prohibited. This issue
was fixed in gnutls 3.1.0.
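
Added example (not part of the original report and not GnuTLS code): a Python model of the check described above. It parses the EMSA-PKCS1-v1_5 block that the RSA public-key operation yields, reads the hash named in its DigestInfo, and compares it with the hash implied by the certificate's signatureAlgorithm. The function names, the ALLOWED policy and the sample bytes are assumptions made for the illustration.

```python
import hashlib
# DigestInfo DER prefixes (RFC 8017, section 9.2), keyed by hash name.
PREFIX = {
    "md5": bytes.fromhex("3020300c06082a864886f70d020505000410"),
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
# Hash implied by the certificate's signatureAlgorithm field.
SIGALG_HASH = {"md5WithRSAEncryption": "md5", "sha1WithRSAEncryption": "sha1",
               "sha256WithRSAEncryption": "sha256"}
ALLOWED = {"sha1", "sha256"}  # assumed local policy: MD5 is prohibited

def emsa_encode(hash_name, tbs, em_len):
    """EM = 00 01 FF..FF 00 || DigestInfo, the value the RSA public operation yields."""
    t = PREFIX[hash_name] + hashlib.new(hash_name, tbs).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def digestinfo_hash(em):
    """Return the hash named inside EM's DigestInfo, or None if EM is malformed."""
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return None
    t = em[sep + 1:]
    for name, prefix in PREFIX.items():
        if t.startswith(prefix) and len(t) == len(prefix) + hashlib.new(name).digest_size:
            return name
    return None

def verify_flawed(em, tbs, cert_sigalg):
    """Model of the reported flaw: policy sees only the certificate field; the signature picks the hash."""
    if SIGALG_HASH.get(cert_sigalg) not in ALLOWED:
        return False
    name = digestinfo_hash(em)
    return name is not None and em == emsa_encode(name, tbs, len(em))

def verify_fixed(em, tbs, cert_sigalg):
    """Require the signature's hash to equal the certificate's allowed hash, then compare."""
    expected = SIGALG_HASH.get(cert_sigalg)
    if expected not in ALLOWED or digestinfo_hash(em) != expected:
        return False
    return em == emsa_encode(expected, tbs, len(em))

# Constructed sample (no real key or certificate): DigestInfo says MD5, field says SHA-256.
TBS = b"constructed tbsCertificate bytes"
CERT_ALG = "sha256WithRSAEncryption"
EM_MISMATCH = emsa_encode("md5", TBS, 128)

if __name__ == "__main__":
    print(verify_flawed(EM_MISMATCH, TBS, CERT_ALG), verify_fixed(EM_MISMATCH, TBS, CERT_ALG))
```

The flawed model accepts the mismatched block because its policy check never looks at the hash the signature actually names; the fixed model rejects it before any digest is compared.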

Comment 4 Nikos Mavrogiannopoulos 2015-03-03 13:59:40 UTC
Created attachment 997548
Proposed patch for 2.8.5

Comment 5 Martin Prpič 2015-03-11 12:19:59 UTC
Public via:

http://www.gnutls.org/security.html#GNUTLS-SA-2015-1

Comment 6 Vasyl Kaigorodov 2015-03-16 16:48:34 UTC
Acknowledgment:

This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.

Comment 7 Raphaël Hertzog 2015-03-23 17:07:06 UTC
Nikos, I used your patch on top of gnutls2.8.6-1+squeeze4 (for Debian LTS support) but it doesn't seem to be fully working yet. At least I can't get the test case to succeed:
https://gitlab.com/gnutls/gnutls/commit/58d7dde8a8a6fce1a8aa9aeb29f2247212fe5acd

Before the patch, I get this:
$ certtool -e --infile /tmp/invalid-sig.pem 
Certificate[0]: CN=Different sig in PKCS #1
	Issued by: CN=GnuTLS Test CA
	Verifying against certificate[1].
	Verification output: Verified.

Certificate[1]: CN=GnuTLS Test CA
	Issued by: CN=GnuTLS Test CA
	Verification output: Verified.

Chain verification output: Verified.

After the patch I get this:
$ certtool -e --infile /tmp/invalid-sig.pem 
Certificate[0]: CN=Different sig in PKCS #1
	Issued by: CN=GnuTLS Test CA
	Verifying against certificate[1].
	Verification output: Not verified.

Certificate[1]: CN=GnuTLS Test CA
	Issued by: CN=GnuTLS Test CA
	Verification output: Verified.

Chain verification output: Not verified.
$ echo $?
0

So the certificate is (as expected) not verified but this doesn't result in an error at the certtool level. Maybe it's just a bug in the old version of certtool... but I thought that it was worth pointing out.

Comment 8 Nikos Mavrogiannopoulos 2015-03-24 07:13:26 UTC
(In reply to Raphaël Hertzog from comment #7)

> Chain verification output: Not verified.
> $ echo $?
> 0
> So the certificate is (as expected) not verified but this doesn't result in
> an error at the certtool level. Maybe it's just a bug in the old version of
> certtool... but I thought that it was worth pointing out.

Indeed, certtool in 2.8.6 doesn't exit with error code on verification errors.

Comment 9 Huzaifa S. Sidhpurwala 2015-03-25 04:42:02 UTC
Statement:

This issue did not affect the version of gnutls package as shipped with Red Hat Enterprise Linux 7.

This issue affects the version of gnutls package as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Extended Life Cycle phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 11 errata-xmlrpc 2015-07-22 06:02:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:1457 https://rhn.redhat.com/errata/RHSA-2015-1457.html

