Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 14.10 Security Advisory USN-2540-1 Critical: GnuTLS Issues

ubuntu
Calendar Grey March 23, 2015
Dist Ubuntu Esm H88
GnuTLS security issues are resolved in Ubuntu 14.10, ensuring system integrity and safety from exploits.
Several security issues were fixed in GnuTLS.

Summary

Several security issues were fixed in GnuTLS.

Software Description:

- gnutls28: GNU TLS library

- gnutls26: GNU TLS library

Details:

It was discovered that GnuTLS did not perform date and time checks on

CA certificates, contrary to expectations. This issue only affected

Ubuntu 10.04 LTS. (CVE-2014-8155)

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that

signature algorithms matched. A remote attacker could possibly use this

issue to downgrade to a disallowed algorithm. This issue only affected

Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-0282)

It was discovered that GnuTLS incorrectly verified certificate algorithms.

A remote attacker could possibly use this issue to downgrade to a

disallowed algorithm. (CVE-2015-0294)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
  libgnutls-deb0-28               3.2.16-1ubuntu2.2

Ubuntu 14.04 LTS:
  libgnutls26                     2.12.23-12ubuntu2.2

Ubuntu 12.04 LTS:
  libgnutls26                     2.12.14-5ubuntu3.9

Ubuntu 10.04 LTS:
  libgnutls26                     2.8.5-2ubuntu0.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2540-1

CVE-2014-8155, CVE-2015-0282, CVE-2015-0294

Severity
critical
Lowest
Low
Medium
High
Critical

March 23, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.