CVE-2015-0282

Published: 12 March 2015

GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.

Priority

Medium

Status

Package Release Status
gnutls26
Launchpad, Ubuntu, Debian
Upstream Needed

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.12.23-12ubuntu2.2)
Patches:
Upstream: https://gitlab.com/gnutls/gnutls/commit/d326f81daed5a1a06476d66a81584f8c7b71141d
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=997548
gnutls28
Launchpad, Ubuntu, Debian
Upstream
Released (3.1.0)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)