Debian 9859 Published by

A gnutls26 update has been released for Debian 6 LTS



Package : gnutls26
Version : 2.8.6-1+squeeze5
CVE ID : CVE-2014-8155 CVE-2015-0282 CVE-2015-0294

Multiple vulnerabilities have been discovered in GnuTLS, a library
implementing the TLS and SSL protocols. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2014-8155

Missing date/time checks on CA certificates

CVE-2015-0282

GnuTLS does not verify the RSA PKCS #1 signature algorithm to match
the signature algorithm in the certificate, leading to a potential
downgrade to a disallowed algorithm without detecting it.

CVE-2015-0294

GnuTLS does not check whether the two signature algorithms match on
certificate import.
  Gnutls26 security update for Debian 6 LTS