Bug 38067 – gnutls26: Multiple issues (4.0)

Bug 38067 - gnutls26: Multiple issues (4.0)


Summary:	gnutls26: Multiple issues (4.0)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-3-errata
Assigned To:	Felix Botner
QA Contact:	Daniel Tröder

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-03-17 16:46 CET by Arvid Requate
Modified:	2017-02-21 00:44 CET (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:	4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-03-17 16:46:43 CET

CVE-2015-0282: Signature forgery

CVE-2015-0294: Certificate algorithm consistency checking issue

Comment 1 Arvid Requate

2015-05-06 16:52:43 CEST

Fixed in upstream Debian package version 2.12.20-8+deb7u3

Comment 2 Felix Botner

2015-09-11 10:34:34 CEST

2.12.20-8+deb7u3 imported from wheezy and built in errata4.0-3.

YAML: 2015-09-11-gnutls26.yaml

Comment 3 Daniel Tröder

2015-09-18 10:17:17 CEST

OK: DEBIAN_FRONTEND=noninteractive apt-get install -y libgnutls26
OK: /usr/share/doc/libgnutls26/changelog.Debian.gz
OK: r63646 + 63650 / 2015-09-11-gnutls26.yaml / CVE…
OK: Test: wget --secure-protocol=TLSv1 --ca-certificate=/etc/univention/ssl/ucsCA/CAcert.pem https://$(hostname -f)/ -O /dev/null &>/dev/null && echo OK

Comment 4 Janek Walkenhorst

2015-09-24 14:36:36 CEST

<http://errata.software-univention.de/ucs/4.0/331.html>