Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Scientific Linux: SLSA-2016:0012-1 Moderate: gnutls Man-In-The-Middle Issue

Calendar Jan 08, 2016 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate man-in-the-middle gnutls tls scientific linux
Moderate: gnutls security update 
Date: Fri, 8 Jan 2016 14:32:35 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: gnutls on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20160108143235.26280.50255@slpackages.fnal.gov>

Synopsis: Moderate: gnutls security update
Advisory ID: SLSA-2016:0012-1
Issue Date: 2016-01-07
CVE Numbers: CVE-2015-7575
--

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client.
(CVE-2015-7575)

For the update to take effect, all applications linked to the GnuTLS
library must be restarted.
--

SL6
 x86_64
 gnutls-2.8.5-19.el6_7.i686.rpm
 gnutls-2.8.5-19.el6_7.x86_64.rpm
 gnutls-debuginfo-2.8.5-19.el6_7.i686.rpm
 gnutls-debuginfo-2.8.5-19.el6_7.x86_64.rpm
 gnutls-utils-2.8.5-19.el6_7.x86_64.rpm
 gnutls-devel-2.8.5-19.el6_7.i686.rpm
 gnutls-devel-2.8.5-19.el6_7.x86_64.rpm
 gnutls-guile-2.8.5-19.el6_7.i686.rpm
 gnutls-guile-2.8.5-19.el6_7.x86_64.rpm
 i386
 gnutls-2.8.5-19.el6_7.i686.rpm
 gnutls-debuginfo-2.8.5-19.el6_7.i686.rpm
 gnutls-utils-2.8.5-19.el6_7.i686.rpm
 gnutls-devel-2.8.5-19.el6_7.i686.rpm
 gnutls-guile-2.8.5-19.el6_7.i686.rpm
SL7
 x86_64
 gnutls-3.3.8-14.el7_2.i686.rpm
 gnutls-3.3.8-14.el7_2.x86_64.rpm
 gnutls-dane-3.3.8-14.el7_2.i686.rpm
 gnutls-dane-3.3.8-14.el7_2.x86_64.rpm
 gnutls-debuginfo-3.3.8-14.el7_2.i686.rpm
 gnutls-debuginfo-3.3.8-14.el7_2.x86_64.rpm
 gnutls-utils-3.3.8-14.el7_2.x86_64.rpm
 gnutls-c++-3.3.8-14.el7_2.i686.rpm
 gnutls-c++-3.3.8-14.el7_2.x86_64.rpm
 gnutls-devel-3.3.8-14.el7_2.i686.rpm
 gnutls-devel-3.3.8-14.el7_2.x86_64.rpm

- Scientific Linux Development Team

Related News

Your message here