
Test ID: 1.3.6.1.4.1.25623.1.0.703191
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-3191-1)
Summary: The remote host is missing an update for the Debian 'gnutls26' package(s) announced via the DSA-3191-1 advisory.
Description:

Vulnerability Insight:
Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2015-0282

GnuTLS does not verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm without detecting it.

CVE-2015-0294

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import.

For the stable distribution (wheezy), these problems have been fixed in version 2.12.20-8+deb7u3.

We recommend that you upgrade your gnutls26 packages.

Affected Software/OS:
'gnutls26' package(s) on Debian 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-0282
BugTraq ID: 73119
http://www.securityfocus.com/bid/73119
Debian Security Information: DSA-3191
http://www.debian.org/security/2015/dsa-3191
RedHat Security Advisories: RHSA-2015:1457
http://rhn.redhat.com/errata/RHSA-2015-1457.html
http://www.securitytracker.com/id/1032148
Common Vulnerability Exposure (CVE) ID: CVE-2015-0294
https://bugzilla.redhat.com/show_bug.cgi?id=1196323
https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff
Copyright: Copyright (C) 2015 Greenbone AG
