Your submission was sent successfully! Close

CVE-2015-0282

Published: 12 March 2015

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Priority

Medium

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
lucid
Released (2.8.5-2ubuntu0.7)
precise
Released (2.12.14-5ubuntu3.9)
trusty
Released (2.12.23-12ubuntu2.2)
upstream Needed

utopic Ignored
(reached end-of-life)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

gnutls28
Launchpad, Ubuntu, Debian
lucid Does not exist

precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was not-affected)
upstream
Released (3.1.0)
utopic Not vulnerable

vivid Not vulnerable

wily Not vulnerable

xenial Not vulnerable

yakkety Not vulnerable

zesty Not vulnerable