[SECURITY] [DLA 180-1] gnutls26 security update

2015-03-2507:50:43

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.8%

JSON

Package : gnutls26
Version : 2.8.6-1+squeeze5
CVE ID : CVE-2014-8155 CVE-2015-0282 CVE-2015-0294

Multiple vulnerabilities have been discovered in GnuTLS, a library
implementing the TLS and SSL protocols. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2014-8155

Missing date/time checks on CA certificates

CVE-2015-0282

GnuTLS does not verify the RSA PKCS #1 signature algorithm to match
the signature algorithm in the certificate, leading to a potential
downgrade to a disallowed algorithm without detecting it.

CVE-2015-0294

GnuTLS does not check whether the two signature algorithms match on
certificate import.

–
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

OSVersionArchitecturePackageVersionFilename
Debian6allgnutls-bin< 2.8.6-1+squeeze5gnutls-bin_2.8.6-1+squeeze5_all.deb
Debian6allguile-gnutls< 2.8.6-1+squeeze5guile-gnutls_2.8.6-1+squeeze5_all.deb
Debian6alllibgnutls-dev< 2.8.6-1+squeeze5libgnutls-dev_2.8.6-1+squeeze5_all.deb
Debian6allgnutls-doc< 2.8.6-1+squeeze5gnutls-doc_2.8.6-1+squeeze5_all.deb
Debian6alllibgnutls26-dbg< 2.8.6-1+squeeze5libgnutls26-dbg_2.8.6-1+squeeze5_all.deb
Debian6allgnutls26< 2.8.6-1+squeeze5gnutls26_2.8.6-1+squeeze5_all.deb
Debian6alllibgnutls26< 2.8.6-1+squeeze5libgnutls26_2.8.6-1+squeeze5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	gnutls-bin	< 2.8.6-1+squeeze5	gnutls-bin_2.8.6-1+squeeze5_all.deb
Debian	6	all	guile-gnutls	< 2.8.6-1+squeeze5	guile-gnutls_2.8.6-1+squeeze5_all.deb
Debian	6	all	libgnutls-dev	< 2.8.6-1+squeeze5	libgnutls-dev_2.8.6-1+squeeze5_all.deb
Debian	6	all	gnutls-doc	< 2.8.6-1+squeeze5	gnutls-doc_2.8.6-1+squeeze5_all.deb
Debian	6	all	libgnutls26-dbg	< 2.8.6-1+squeeze5	libgnutls26-dbg_2.8.6-1+squeeze5_all.deb
Debian	6	all	gnutls26	< 2.8.6-1+squeeze5	gnutls26_2.8.6-1+squeeze5_all.deb
Debian	6	all	libgnutls26	< 2.8.6-1+squeeze5	libgnutls26_2.8.6-1+squeeze5_all.deb