Key Information from Security Advisory RHSA-2015:1457 Synopsis Severity: Moderate Description: gnutls security and bug fix update Type/Severity Security Advisory: Moderate Topic Summary: Updated gnutls packages that fix three security issues and one bug are now available for Red Hat Enterprise Linux 6. Impact: Moderate security impact. CVSS base scores are detailed in the CVE links. Vulnerabilities Fixed CVE-2014-8155: gnutls does not check activation and expiration dates of CA certificates. CVE-2015-0282: gnutls does not verify hashing algorithm consistency in certificates. CVE-2015-0294: gnutls does not check if X.509 certificates indicate the same signature algorithm. Bugs Fixed BZ - 1036385: Certtool generates certificates with a negative modulus. Affected Products Red Hat Enterprise Linux Server 6 x86_64, i386, Workstation 6 x86_64, i386, etc. Extended Life Cycle Support versions for i386 and x86_64 are also included. Solution Users are advised to upgrade to the updated packages containing backported patches. References Red Hat Security Advisory Classifier