Bugzilla – Bug 865993
VUL-0: CVE-2009-5138: gnutls: incorrect handling of V1 intermediate certificates
Last modified: 2014-03-25 18:05:11 UTC
CVE-2009-5138 While investigating GnuTLS issue CVE-2014-1959 (bnc#863989), it was discovered that older versions of GnuTLS were affected by the same problem, with a different root cause. When using default certificate verification settings, GnuTLS accepted version 1 X.509 certificates as intermediate CAs. An attacker able to obtain a V1 certificate from a CA trusted by the application could generate certificates for other hosts or users that would be accepted by GnuTLS. This issue affected GnuTLS versions before 2.7.6.

The problem was reported in the following post:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361
and fixed upstream via:
https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd

This did not affect applications that used the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT verification flag, which instructs GnuTLS to allow root CA certificates to be version 1 certificates. This was set by e.g. the gnutls-cli client application in GnuTLS versions affected by this bug.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1069301
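The rule the upstream fix enforces, as an added example that is not GnuTLS code: read the X.509 version field straight from DER (the `[0] EXPLICIT` version is optional and its absence means V1), then reject any V1 certificate in a CA position unless it is the trust anchor and the caller opted in, the way GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT does. The sample "certificates" are constructed minimal DER prefixes (version and serial only), just enough for this parser.

```python
# Added example, not GnuTLS's own verifier: version-check policy for a chain.

def _read_tlv(buf, pos):
    """Decode one DER TLV header at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def x509_version(cert_der):
    """Return 1, 2 or 3. A missing [0] version field means V1 (encoded value 0)."""
    tag, pos, _ = _read_tlv(cert_der, 0)              # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    tag, pos, _ = _read_tlv(cert_der, pos)            # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a TBSCertificate SEQUENCE")
    tag, pos, _ = _read_tlv(cert_der, pos)            # first TBS element
    if tag != 0xA0:                                    # no [0] tag: default v1
        return 1
    tag, pos, end = _read_tlv(cert_der, pos)          # INTEGER inside [0]
    if tag != 0x02:
        raise ValueError("version field is not an INTEGER")
    return int.from_bytes(cert_der[pos:end], "big") + 1

def check_chain_versions(chain, allow_v1_root=False):
    """chain: DER certificates ordered leaf -> root. Returns (ok, reason).
    The leaf is not version-constrained here (an assumption of this example);
    intermediates must not be V1; the root may be V1 only with allow_v1_root."""
    for i in range(1, len(chain)):
        if x509_version(chain[i]) != 1:
            continue
        is_root = i == len(chain) - 1
        if is_root and allow_v1_root:
            continue
        role = "root" if is_root else "intermediate"
        return False, f"V1 certificate at position {i} used as {role} CA"
    return True, "ok"

# Constructed sample input: short-form DER only, not full certificates.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

V3_CERT = _der(0x30, _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")))
V1_CERT = _der(0x30, _der(0x30, _der(0x02, b"\x01")))   # version field absent
```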
SLES 9 is not affected by this problem; the xor code is not present.
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86
Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-32bit, gnutls-debuginfo, gnutls-devel, gnutls-devel-32bit, gnutls-x86
Products: SLE-DEBUGINFO 10-SP4 (i386, s390x, x86_64) SLE-SERVER 10-SP4-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-32bit, gnutls-debuginfo, gnutls-devel, gnutls-devel-32bit, gnutls-x86
Products: SLE-DEBUGINFO 10-SP3 (i386, s390x, x86_64) SLE-SERVER 10-SP3-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-64bit, libgnutls26-x86
Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-HAE 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86
Products: SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64) SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26
Products: SLE-DEBUGINFO 11-SP1-TERADATA (x86_64) SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: gnutls, gnutls-debuginfo, gnutls-devel
Products: SLE-DEBUGINFO 10-SP3-TERADATA (x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)
SUSE-SU-2014:0319-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (critical)
Bug References: 835760,865804,865993
CVE References: CVE-2009-5138,CVE-2014-0092
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): gnutls-2.4.1-24.39.49.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): gnutls-2.4.1-24.39.49.1
SUSE Linux Enterprise Server 11 SP3 (src): gnutls-2.4.1-24.39.49.1
SUSE Linux Enterprise High Availability Extension 11 SP3 (src): gnutls-2.4.1-24.39.49.1
SUSE Linux Enterprise Desktop 11 SP3 (src): gnutls-2.4.1-24.39.49.1
SUSE-SU-2014:0320-1: An update that solves 9 vulnerabilities and has one errata is now available.
Category: security (critical)
Bug References: 536809,554084,659128,739898,753301,754223,802651,821818,865804,865993
CVE References: CVE-2009-5138,CVE-2011-4108,CVE-2012-0390,CVE-2012-1569,CVE-2012-1573,CVE-2013-0169,CVE-2013-1619,CVE-2013-2116,CVE-2014-0092
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src): gnutls-1.2.10-13.38.1
SUSE-SU-2014:0321-1: An update that solves one vulnerability and has one errata is now available.
Category: security (critical)
Bug References: 865804,865993
CVE References: CVE-2014-0092
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src): gnutls-1.2.10-13.38.1
SUSE-SU-2014:0322-1: An update that solves four vulnerabilities and has two fixes is now available.
Category: security (critical)
Bug References: 760265,802651,821818,835760,865804,865993
CVE References: CVE-2009-5138,CVE-2013-1619,CVE-2013-2116,CVE-2014-0092
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src): gnutls-2.4.1-24.39.49.1
SUSE-SU-2014:0323-1: An update that solves one vulnerability and has two fixes is now available.
Category: security (critical)
Bug References: 835760,865804,865993
CVE References: CVE-2014-0092
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): gnutls-2.4.1-24.39.49.1
all released
Update released for: gnutls, gnutls-debuginfo, gnutls-debugsource, libgnutls-devel, libgnutls-extra-devel, libgnutls-extra26, libgnutls26, libgnutls26-32bit, libgnutls26-x86
Products: SUSE-MANAGER 1.7 (x86_64)
SUSE-SU-2014:0445-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 835760,865804,865993
CVE References: CVE-2009-5138,CVE-2014-0092
Sources used:
SUSE Manager 1.7 for SLE 11 SP2 (src): gnutls-2.4.1-24.39.49.1