Bugzilla – Bug 921684
VUL-0: CVE-2015-0282: gnutls: GNUTLS-SA-2015-1: Signature forgery
Last modified: 2015-04-08 07:55:22 UTC
from gnutls.org website:
This issue only affects versions of GnuTLS prior to 3.1.0 (released in 2012). These versions don't verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm, such as MD5, without detecting it.
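The consistency check the advisory describes as absent, written out as an added example (not GnuTLS code and not part of the original report): the hash named in the DigestInfo of a PKCS #1 v1.5 signature is compared with the hash implied by the certificate's signatureAlgorithm. All function and enum names are hypothetical, the DigestInfo prefixes are the ones listed in RFC 8017, and the sample block is constructed.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical names throughout; this is not GnuTLS's API. */
enum hash_alg { HASH_UNKNOWN = 0, HASH_MD5, HASH_SHA1, HASH_SHA256 };

/* DER DigestInfo prefixes from RFC 8017 section 9.2; the raw digest follows. */
static const struct { enum hash_alg alg; size_t plen, dlen; unsigned char p[19]; } PREFIX[] = {
    { HASH_MD5, 18, 16, {0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,0x04,0x10} },
    { HASH_SHA1, 15, 20, {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14} },
    { HASH_SHA256, 19, 32, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20} },
};

/* Strip EMSA-PKCS1-v1_5 padding (00 01 FF..FF 00); NULL if the block is malformed. */
static const unsigned char *emsa_unpad(const unsigned char *em, size_t len, size_t *di_len)
{
    size_t i = 2;
    if (len < 11 || em[0] != 0x00 || em[1] != 0x01) return NULL;
    while (i < len && em[i] == 0xff) i++;
    if (i < 10 || i >= len || em[i] != 0x00) return NULL;  /* need >= 8 FF bytes */
    *di_len = len - (i + 1);
    return em + i + 1;
}

/* `em` is the block recovered by the RSA public-key operation; `cert_alg` is the
 * hash implied by the certificate's signatureAlgorithm (e.g. sha256WithRSAEncryption).
 * Returns 1 only if the signature itself names that same hash, 0 otherwise. */
int sig_alg_matches_cert(enum hash_alg cert_alg, const unsigned char *em, size_t len)
{
    size_t di_len;
    const unsigned char *di = emsa_unpad(em, len, &di_len);
    if (di == NULL) return 0;
    for (size_t i = 0; i < sizeof PREFIX / sizeof PREFIX[0]; i++)
        if (di_len == PREFIX[i].plen + PREFIX[i].dlen && !memcmp(di, PREFIX[i].p, PREFIX[i].plen))
            return PREFIX[i].alg == cert_alg;  /* exact prefix and length match */
    return 0;                                  /* unknown or malformed DigestInfo */
}

/* Constructed sample: 128-byte block whose DigestInfo names MD5 (filler digest). */
int demo_md5_block(enum hash_alg cert_alg)
{
    unsigned char em[128];
    memset(em, 0xff, sizeof em);
    em[0] = 0x00; em[1] = 0x01; em[93] = 0x00;     /* header, 91 FF bytes, separator */
    memcpy(em + 94, PREFIX[0].p, PREFIX[0].plen);  /* MD5 DigestInfo prefix */
    memset(em + 112, 0xab, 16);                    /* filler in place of a digest */
    return sig_alg_matches_cert(cert_alg, em, sizeof em);
}

/* Exit status 0: the MD5 block is rejected for a certificate declaring SHA-256. */
int main(void) { return demo_md5_block(HASH_SHA256); }
```

The digest comparison itself is left out; a verifier would run this check before comparing the digest computed with the certificate's declared hash.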
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-03-25.
When done, reassign the bug to firstname.lastname@example.org.
Author: Nikos Mavrogiannopoulos <email@example.com>
Date: Mon Feb 23 10:03:47 2015 +0100
Added fix for GNUTLS-SA-2015-1
in https://gitlab.com/gnutls/gnutls.git gnutls_2_12_x branch
bugbot adjusting priority
SUSE-SU-2015:0675-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 919938,921684
CVE References: CVE-2014-8155,CVE-2015-0282,CVE-2015-0294
SUSE Manager 1.7 for SLE 11 SP2 (src): gnutls-2.4.1-22.214.171.124
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): gnutls-2.4.1-126.96.36.199
SUSE Linux Enterprise Server 11 SP3 for VMware (src): gnutls-2.4.1-188.8.131.52
SUSE Linux Enterprise Server 11 SP3 (src): gnutls-2.4.1-184.108.40.206
SUSE Linux Enterprise High Availability Extension 11 SP3 (src): gnutls-2.4.1-220.127.116.11
SUSE Linux Enterprise Desktop 11 SP3 (src): gnutls-2.4.1-18.104.22.168