|
|
Log in / Subscribe / Register

gnutls26: two vulnerabilities

Package(s):gnutls26 CVE #(s):CVE-2015-0282 CVE-2015-0294
Created:March 16, 2015 Updated:July 30, 2015
Description: From the Debian advisory:

CVE-2015-0282: GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm without detecting it.

CVE-2015-0294: It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import.

Alerts:
Mageia MGASA-2015-0322 gnutls 2015-08-25
Scientific Linux SLSA-2015:1457-1 gnutls 2015-08-03
Oracle ELSA-2015-1457 gnutls 2015-07-29
Red Hat RHSA-2015:1457-01 gnutls 2015-07-22
openSUSE openSUSE-SU-2015:0622-1 gnutls 2015-03-30
Debian-LTS DLA-180-1 gnutls26 2015-03-25
Ubuntu USN-2540-1 gnutls26, gnutls28 2015-03-23
Debian DSA-3191-1 gnutls26 2015-03-15
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds