Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » RHBA-2013:0028-01

Overview

Id RHBA-2013:0028-01
Name Red Hat 2013:0028-01 RHBA gnutls bug fix update for RHEL 5 x86
Vendor Name red_hat
Product None
Content Type Recommended Recommended
Language(s)
Operating System(s) Linux 
Released On 07 Jan 2013 12:00:00

RHBA-2013:0028-01

Red Hat 2013:0028-01 RHBA gnutls bug fix update for RHEL 5 x86

Vendor Name

red_hat

Product

None

Released On

07 Jan 2013 12:00:00

Url

https://rhn.redhat.com/errata/RHBA-2013-0028.html

Description

LSAC(v2)
The gnutls packages provides the GNU Transport Layer Security (GnuTLS) library, which provides a secure layer over a transport layer using protocols such as TLS, SSL, and DTLS. This update fixes the following bugs: * The gnutls packages reported wrong distinguished names (DNs) for chain CA certificates used for the client authentication; the issuer DN was reported instead of the subject DN. As a consequence, the TLS clients were not able to provide a client certificate signed by a chain CA certificate when connecting to a gnutls TLS server. The underlying source code has been modified and gnutls now reports the right DN and the TLS clients work as expected in the described scenario. (BZ#592112) * Previously, in the certool utility was a missing check used for an empty string when a challenge password was entered. Consequently, certificate requests generated by certtool were sometimes invalid when an empty challenge password was used. This missing empty-string check has been added and now the certtool's certificate requests are valid even if the challenge password is not entered. (BZ#730816) * Under certain circumstances, a null pointer could be dereferenced in the GnuTLS library. This caused TLS clients, such as the rsyslog utility, to terminate unexpectedly with a segmentation fault. This update adds a test condition ensuring that null pointers can no longer be dereferenced and TLS clients no longer crash. (BZ#785001) All users of gnutls are advised to upgrade to these updated packages, which fix these bugs.

Related Resources

Related Vulnerabilities

None

Related Patches

None

Superseded Patches


Last Updated: 27 May 2016 11:16:11