5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
77.8%
Package : gnutls26
Version : 2.8.6-1+squeeze5
CVE ID : CVE-2014-8155 CVE-2015-0282 CVE-2015-0294
Multiple vulnerabilities have been discovered in GnuTLS, a library
implementing the TLS and SSL protocols. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2014-8155
Missing date/time checks on CA certificates
CVE-2015-0282
GnuTLS does not verify the RSA PKCS #1 signature algorithm to match
the signature algorithm in the certificate, leading to a potential
downgrade to a disallowed algorithm without detecting it.
CVE-2015-0294
GnuTLS does not check whether the two signature algorithms match on
certificate import.
β
RaphaΓ«l Hertzog β Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 6 | all | gnutls-bin | <Β 2.8.6-1+squeeze5 | gnutls-bin_2.8.6-1+squeeze5_all.deb |
Debian | 6 | all | guile-gnutls | <Β 2.8.6-1+squeeze5 | guile-gnutls_2.8.6-1+squeeze5_all.deb |
Debian | 6 | all | libgnutls-dev | <Β 2.8.6-1+squeeze5 | libgnutls-dev_2.8.6-1+squeeze5_all.deb |
Debian | 6 | all | gnutls-doc | <Β 2.8.6-1+squeeze5 | gnutls-doc_2.8.6-1+squeeze5_all.deb |
Debian | 6 | all | libgnutls26-dbg | <Β 2.8.6-1+squeeze5 | libgnutls26-dbg_2.8.6-1+squeeze5_all.deb |
Debian | 6 | all | gnutls26 | <Β 2.8.6-1+squeeze5 | gnutls26_2.8.6-1+squeeze5_all.deb |
Debian | 6 | all | libgnutls26 | <Β 2.8.6-1+squeeze5 | libgnutls26_2.8.6-1+squeeze5_all.deb |