CVE-2014-8627

Published: 24 November 2014

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Notes

Author	Note
seth-arnold	This bug was introduced in 1.3.8

Priority

Status

Package	Release	Status
polarssl Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable
	trusty	Does not exist (trusty was not-affected)
	upstream	Released (1.3.9-1)
	utopic	Not vulnerable

References

https://marc.info/?l=oss-security&m=141527401301333&w=2
https://polarssl.org/tech-updates/releases/polarssl-1.3.9-released
https://www.cve.org/CVERecord?id=CVE-2014-8627
NVD
Launchpad
Debian

Bugs

https://bugzilla.novell.com/show_bug.cgi?id=CVE-2014-8627

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›