What is the severity of RHSA-2016:0012?

The severity of RHSA-2016:0012 is classified as moderate.

How do I fix RHSA-2016:0012?

To fix RHSA-2016:0012, update the GnuTLS library to version 3.3.8-14.el7_2 or 2.8.5-19.el6_7 depending on your system.

What is the vulnerability in RHSA-2016:0012?

RHSA-2016:0012 addresses a flaw in the GnuTLS library related to the use of the MD5 hash function in TLS 1.2 communications.

Which packages are affected by RHSA-2016:0012?

The affected packages include gnutls, gnutls-dane, gnutls-debuginfo, gnutls-devel, and gnutls-utils.

Is RHSA-2016:0012 applicable to both el6 and el7 versions?

Yes, RHSA-2016:0012 is applicable to both el6 and el7 versions of affected packages.

Vulnerability/
RHSA-2016:0012

7/1/2016

RHSA-2016:0012: Moderate: gnutls security update

First published: Thu Jan 07 2016(Updated: )

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575) All gnutls users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

Affected Software	Affected Version	How to fix
redhat/gnutls	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-dane	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-dane	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-debuginfo	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-debuginfo	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-devel	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-devel	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls-utils	<3.3.8-14.el7_2	3.3.8-14.el7_2
redhat/gnutls	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-debuginfo	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-debuginfo	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-devel	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-devel	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-guile	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-guile	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-utils	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-utils	<2.8.5-19.el6_7	2.8.5-19.el6_7
redhat/gnutls-utils	<3.3.8-14.el7_2	3.3.8-14.el7_2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2016:0012?
The severity of RHSA-2016:0012 is classified as moderate.
How do I fix RHSA-2016:0012?
To fix RHSA-2016:0012, update the GnuTLS library to version 3.3.8-14.el7_2 or 2.8.5-19.el6_7 depending on your system.
What is the vulnerability in RHSA-2016:0012?
RHSA-2016:0012 addresses a flaw in the GnuTLS library related to the use of the MD5 hash function in TLS 1.2 communications.
Which packages are affected by RHSA-2016:0012?
The affected packages include gnutls, gnutls-dane, gnutls-debuginfo, gnutls-devel, and gnutls-utils.
Is RHSA-2016:0012 applicable to both el6 and el7 versions?
Yes, RHSA-2016:0012 is applicable to both el6 and el7 versions of affected packages.

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/redhat-errata
anchor-id/RHSA-2016:0012
package-manager/redhat