   SUSE Security Update: Security update for gnutls
______________________________________________________________________________

Announcement ID:    SUSE-SU-2014:0319-1
Rating:             critical
References:         #835760 #865804 #865993
Cross-References:   CVE-2009-5138 CVE-2014-0092
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP3
                    SUSE Linux Enterprise Server 11 SP3 for VMware
                    SUSE Linux Enterprise Server 11 SP3
                    SUSE Linux Enterprise High Availability Extension 11 SP3
                    SUSE Linux Enterprise Desktop 11 SP3
______________________________________________________________________________

   An update that solves two vulnerabilities and has one
   errata is now available.

Description:

   The GnuTLS library received a critical security fix and
   other updates:

   * CVE-2014-0092: The X.509 certificate verification had
     incorrect error handling, which could lead to broken
     certificates marked as being valid.
   * CVE-2009-5138: A verification problem in handling V1
     certificates could also lead to V1 certificates
     incorrectly being handled.

   Additionally a memory leak in PSK authentication has been
   fixed (bnc#835760).

   Security Issue references:

   * CVE-2014-0092
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092>
   * CVE-2009-5138
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5138>

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP3:

      zypper in -t patch sdksp3-gnutls-8949

   - SUSE Linux Enterprise Server 11 SP3 for VMware:

      zypper in -t patch slessp3-gnutls-8949

   - SUSE Linux Enterprise Server 11 SP3:

      zypper in -t patch slessp3-gnutls-8949

   - SUSE Linux Enterprise High Availability Extension 11 SP3:

      zypper in -t patch slehasp3-gnutls-8949

   - SUSE Linux Enterprise Desktop 11 SP3:

      zypper in -t patch sledsp3-gnutls-8949

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-devel-2.4.1-24.39.49.1
      libgnutls-extra-devel-2.4.1-24.39.49.1
      libgnutls-extra26-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (i586 x86_64):

      gnutls-2.4.1-24.39.49.1
      libgnutls-extra26-2.4.1-24.39.49.1
      libgnutls26-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Server 11 SP3 for VMware (x86_64):

      libgnutls26-32bit-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Server 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      gnutls-2.4.1-24.39.49.1
      libgnutls-extra26-2.4.1-24.39.49.1
      libgnutls26-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Server 11 SP3 (ppc64 s390x x86_64):

      libgnutls26-32bit-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Server 11 SP3 (ia64):

      libgnutls26-x86-2.4.1-24.39.49.1

   - SUSE Linux Enterprise High Availability Extension 11 SP3 (i586 ia64 ppc64 s390x x86_64):

      libgnutls-extra26-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Desktop 11 SP3 (i586 x86_64):

      gnutls-2.4.1-24.39.49.1
      libgnutls26-2.4.1-24.39.49.1

   - SUSE Linux Enterprise Desktop 11 SP3 (x86_64):

      libgnutls26-32bit-2.4.1-24.39.49.1

References:

   http://support.novell.com/security/cve/CVE-2009-5138.html
   http://support.novell.com/security/cve/CVE-2014-0092.html
   https://bugzilla.novell.com/835760
   https://bugzilla.novell.com/865804
   https://bugzilla.novell.com/865993
   http://download.novell.com/patch/finder/?keywords=404ba85fa44d8b2dcaf3de46ba...
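
A post-patch check, added here as an example and not part of the SUSE announcement: it flags any gnutls package named in the package list that is still older than the fixed 2.4.1-24.39.49.1. The function names, the constructed sample inventory, and the use of `sort -V` in place of RPM's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="2.4.1-24.39.49.1"

# ver_lt A B: succeeds when A is strictly older than B.
# Assumption: `sort -V` ordering stands in for RPM's comparison, which
# is adequate for the numeric version-release strings used here.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_gnutls: reads "NAME VERSION-RELEASE" lines on stdin and
# prints the advisory's gnutls packages that are older than FIXED.
unpatched_gnutls() {
    while read -r name evr; do
        case "$name" in
            gnutls|libgnutls26|libgnutls26-32bit|libgnutls26-x86|\
            libgnutls-extra26|libgnutls-devel|libgnutls-extra-devel)
                if ver_lt "$evr" "$FIXED"; then
                    printf '%s %s\n' "$name" "$evr"
                fi ;;
        esac
    done
}

# Constructed sample inventory (the older release numbers are made up).
sample_inventory() {
    cat <<'EOF'
gnutls 2.4.1-24.39.49.1
libgnutls26 2.4.1-24.39.47.1
libgnutls26-32bit 2.4.1-24.39.49.1
libgnutls-extra26 2.4.1-24.39.45.1
openssl 0.9.8j-0.50.1
EOF
}

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | unpatched_gnutls
sample_inventory | unpatched_gnutls
```

Empty output means every listed gnutls package is at or above the fixed release; long-running services linked against libgnutls still need a restart to load the updated library.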