Medium: gnutls

Issue Overview:

It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. (CVE-2014-8155)

It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification. (CVE-2015-0282)

It was discovered that GnuTLS did not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different flaw, could possibly lead to a bypass of the certificate signature check. (CVE-2015-0294)

Affected Packages:

gnutls

Issue Correction:
Run yum update gnutls to update your system.

New Packages:

i686:  
    gnutls-2.8.5-18.14.amzn1.i686  
    gnutls-debuginfo-2.8.5-18.14.amzn1.i686  
    gnutls-devel-2.8.5-18.14.amzn1.i686  
    gnutls-guile-2.8.5-18.14.amzn1.i686  
    gnutls-utils-2.8.5-18.14.amzn1.i686  
  
src:  
    gnutls-2.8.5-18.14.amzn1.src  
  
x86_64:  
    gnutls-debuginfo-2.8.5-18.14.amzn1.x86_64  
    gnutls-guile-2.8.5-18.14.amzn1.x86_64  
    gnutls-utils-2.8.5-18.14.amzn1.x86_64  
    gnutls-2.8.5-18.14.amzn1.x86_64  
    gnutls-devel-2.8.5-18.14.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-8155, CVE-2015-0282, CVE-2015-0294

Mitre: CVE-2014-8155, CVE-2015-0282, CVE-2015-0294