SecurityTracker.com
Category:   Application (VPN)  >   GnuTLS
Vendors:   gnutls.org
(CentOS Issues Fix for GnuTLS) Mozilla Firefox MD5 Signature Support in TLS ServerKeyExchange Messages Exposes Users to Hash Collision Forgery Attacks
SecurityTracker Alert ID:  1034638
SecurityTracker URL:  http://securitytracker.com/id/1034638
CVE Reference:   CVE-2015-7575   (Links to External Site)
Date:  Jan 9 2016
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in Mozilla Firefox. A remote user can conduct hash collision forgery attacks. GnuTLS is affected.

The system allows the use of MD5 server signatures in a TLS 1.2 ServerKeyExchange message. As a result, the system may be subject to hash collision forgery attacks.

Karthikeyan Bhargavan reported this vulnerability.
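
A receiving-side check for the condition described above, as an added example (not code from GnuTLS, Firefox or this advisory): it reads the SignatureAndHashAlgorithm field of a TLS 1.2 ServerKeyExchange and refuses MD5. The function names, the rejection policy and the sample message are assumptions of this example; the field layout follows RFC 5246 and RFC 4492.

```python
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
          4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}  # RFC 5246, 7.4.1.4.1
REJECTED = {"none", "md5"}  # policy assumed for this example

def _vec(buf, off, len_bytes):
    """Read a length-prefixed TLS vector; return (data, offset after it)."""
    end = off + len_bytes
    if end > len(buf):
        raise ValueError("truncated length prefix")
    end += int.from_bytes(buf[off:end], "big")
    if end > len(buf):
        raise ValueError("truncated vector")
    return buf[off + len_bytes:end], end

def ske_signature_algorithm(msg, kx):
    """Return (hash, signature) names; kx is the suite's "ECDHE" or "DHE"."""
    if len(msg) < 4 or msg[0] != 12:  # handshake type 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("handshake length mismatch")
    off = 0
    if kx == "ECDHE":
        if body[:1] != b"\x03":  # curve_type 3 = named_curve
            raise ValueError("only named_curve parameters are handled")
        _, off = _vec(body, 3, 1)  # skip curve_type + curve id, read the point
    elif kx == "DHE":
        for _ in range(3):  # dh_p, dh_g, dh_Ys
            _, off = _vec(body, off, 2)
    else:
        raise ValueError("unsupported key exchange")
    if off + 2 > len(body):
        raise ValueError("missing SignatureAndHashAlgorithm")
    h, s = body[off], body[off + 1]
    _, end = _vec(body, off + 2, 2)  # the signature itself
    if end != len(body):
        raise ValueError("trailing bytes after signature")
    return HASHES.get(h, "unknown"), SIGS.get(s, "unknown")

def accept_ske(msg, kx):
    """True only if the signature hash is known and not rejected by policy."""
    h, _ = ske_signature_algorithm(msg, kx)
    return h != "unknown" and h not in REJECTED

def constructed_ske(hash_id, sig_id=1):
    """Constructed ECDHE sample (dummy point and signature, not a capture)."""
    body = (b"\x03\x00\x17" + bytes([65, 4]) + bytes(64)
            + bytes([hash_id, sig_id]) + (8).to_bytes(2, "big") + bytes(8))
    return b"\x0c" + len(body).to_bytes(3, "big") + body
```

The check only inspects the advertised algorithm pair; verifying the signature itself and confirming the pair was offered in the client's signature_algorithms extension remain separate steps.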

Impact:   A remote user can conduct hash collision forgery attacks.
Solution:   CentOS has issued a fix for GnuTLS.


Cause:   State error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Dec 28 2015 Mozilla Firefox MD5 Signature Support in TLS ServerKeyExchange Messages Exposes Users to Hash Collision Forgery Attacks



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:0012 Moderate CentOS 6 gnutls Security Update


CentOS Errata and Security Advisory 2016:0012 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0012.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
