Bug 38067

Summary: gnutls26: Multiple issues (4.0)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Felix Botner <botner>
Status: CLOSED FIXED QA Contact: Daniel Tröder <troeder>
Severity: normal    
Priority: P5 CC: gohmann, walkenhorst
Version: UCS 4.0Flags: requate: Patch_Available+
Target Milestone: UCS 4.0-3-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score: 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Description Arvid Requate univentionstaff 2015-03-17 16:46:43 CET 
CVE-2015-0282: Signature forgery

CVE-2015-0294: Certificate algorithm consistency checking issue
Comment 1 Arvid Requate univentionstaff 2015-05-06 16:52:43 CEST 
Fixed in upstream Debian package version 2.12.20-8+deb7u3
Comment 2 Felix Botner univentionstaff 2015-09-11 10:34:34 CEST 
2.12.20-8+deb7u3 imported from wheezy and built in errata4.0-3.

YAML: 2015-09-11-gnutls26.yaml
Comment 3 Daniel Tröder univentionstaff 2015-09-18 10:17:17 CEST 
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y libgnutls26
OK: /usr/share/doc/libgnutls26/changelog.Debian.gz
OK: r63646 + 63650 / 2015-09-11-gnutls26.yaml / CVE…
OK: Test: wget --secure-protocol=TLSv1 --ca-certificate=/etc/univention/ssl/ucsCA/CAcert.pem https://$(hostname -f)/ -O /dev/null &>/dev/null && echo OK
Comment 4 Janek Walkenhorst univentionstaff 2015-09-24 14:36:36 CEST 
<http://errata.software-univention.de/ucs/4.0/331.html>