Debian Gnutls28 vulnerabilities

CVE-2015-0282 [MEDIUM] CVE-2015-0282: gnutls28 - GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm mat... GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-3466 [MEDIUM] CVE-2014-3466: gnutls28 - Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in G... Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a long session id in a ServerHello message. Scope: local bookworm: resolved (fixed in 3.2.15-1) bullseye: resolv

CVE-2014-0092 [MEDIUM] CVE-2014-0092: gnutls28 - lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not prope... lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Scope: local bookworm: resolved (fixed in 3.2.11-2) bullseye: resolved (fixed in 3.2.11-2) forky: resolved (fixed in 3.2

CVE-2014-8564 [MEDIUM] CVE-2014-8564: gnutls28 - The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3... The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. Scope: local bookworm:

CVE-2014-3465 [MEDIUM] CVE-2014-3465: gnutls28 - The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3... The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS 3.0 before 3.1.20 and 3.2.x before 3.2.10 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted X.509 certificate, related to a missing LDAP description for an OID when printing the DN. Scope: local bookworm: resolved (fixed in 3.2.10-1) bullseye: resolved (f

CVE-2014-1959 [MEDIUM] CVE-2014-1959: gnutls28 - lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version... lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. Scope: local bookworm: resolved (fixed in 3.2.11-1) bullseye: resolved (fixed in 3.2.11-1) forky: re

CVE-2014-3566 [LOW] CVE-2014-3566: bouncycastle - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses... The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2014-8155 [MEDIUM] CVE-2014-8155: gnutls28 - GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA c... GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2013-0169 [LOW] CVE-2013-0169: bouncycastle - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenS... The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical anal

CVE-2013-4487 [MEDIUM] CVE-2013-4487: gnutls28 - Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.... Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466. Scope: local bookworm: resolved bullseye: resolved forky: reso

CVE-2013-4466 [MEDIUM] CVE-2013-4466: gnutls28 - Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in... Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruption) via a response with more than four DANE entries. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2013-1619 [LOW] CVE-2013-1619: gnutls28 - The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x ... The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data f

CVE-2012-1663 [HIGH] CVE-2012-1663: gnutls28 - Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote att... Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list. Scope: local bookworm: resolved (fixed in 3.0.14-1) bullseye: resolved (fixed in 3.0.14-1) forky: resolved (fixed in 3.0.14-1) sid: resolved (fixed in 3.0.14-1

CVE-2012-1573 [MEDIUM] CVE-2012-1573: gnutls28 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does... gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. Scope: local bookworm: resolved (fixed in 3

CVE-2012-0390 [MEDIUM] CVE-2012-0390: gnutls28 - The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-hand... The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. Scope: local bookworm: resolved (fixed in 3.0.

CVE-2011-3389 [MEDIUM] CVE-2011-3389: asterisk - The SSL protocol, as used in certain configurations in Microsoft Windows and Mic... The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS s

CVE-2009-5138 [MEDIUM] CVE-2009-5138: gnutls28 - GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not ena... GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. Scope: local bookworm: resolved bu