DSA-3191-1 gnutls26 -- gnutls26ID: oval:org.secpod.oval:def:601989 | Date: (C)2015-03-20 (M)2023-07-28 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-0282 GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm without detecting it. CVE-2015-0294 It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import.