DebianDEBIAN:DLA-180-1:73166[SECURITY] [DLA 180-1] gnutls26 security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
75.5%
Package : gnutls26
Version : 2.8.6-1+squeeze5
CVE ID : CVE-2014-8155 CVE-2015-0282 CVE-2015-0294
Multiple vulnerabilities have been discovered in GnuTLS, a library
implementing the TLS and SSL protocols. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2014-8155
Missing date/time checks on CA certificates
CVE-2015-0282
GnuTLS does not verify the RSA PKCS #1 signature algorithm to match
the signature algorithm in the certificate, leading to a potential
downgrade to a disallowed algorithm without detecting it.
CVE-2015-0294
GnuTLS does not check whether the two signature algorithms match on
certificate import.
β
RaphaΓ«l Hertzog β Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | sparc | gnutls-bin | <Β 3.0.22-3+really2.12.20-8+deb7u3 | gnutls-bin_3.0.22-3+really2.12.20-8+deb7u3_sparc.deb |
| Debian | 7 | ia64 | libgnutls-dev | <Β 2.12.20-8+deb7u3 | libgnutls-dev_2.12.20-8+deb7u3_ia64.deb |
| Debian | 6 | i386 | gnutls-bin | <Β 2.8.6-1+squeeze5 | gnutls-bin_2.8.6-1+squeeze5_i386.deb |
| Debian | 7 | kfreebsd-amd64 | guile-gnutls | <Β 3.0.22-3+really2.12.20-8+deb7u3 | guile-gnutls_3.0.22-3+really2.12.20-8+deb7u3_kfreebsd-amd64.deb |
| Debian | 7 | mipsel | libgnutls26 | <Β 2.12.20-8+deb7u3 | libgnutls26_2.12.20-8+deb7u3_mipsel.deb |
| Debian | 7 | amd64 | gnutls-bin | <Β 3.0.22-3+really2.12.20-8+deb7u3 | gnutls-bin_3.0.22-3+really2.12.20-8+deb7u3_amd64.deb |
| Debian | 7 | kfreebsd-amd64 | libgnutls-dev | <Β 2.12.20-8+deb7u3 | libgnutls-dev_2.12.20-8+deb7u3_kfreebsd-amd64.deb |
| Debian | 7 | mips | libgnutls-openssl27 | <Β 2.12.20-8+deb7u3 | libgnutls-openssl27_2.12.20-8+deb7u3_mips.deb |
| Debian | 7 | amd64 | libgnutls26 | <Β 2.12.20-8+deb7u3 | libgnutls26_2.12.20-8+deb7u3_amd64.deb |
| Debian | 7 | s390 | libgnutls-dev | <Β 2.12.20-8+deb7u3 | libgnutls-dev_2.12.20-8+deb7u3_s390.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
75.5%