GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.0.11+really2.12.23-12ubuntu2.2", "binary_name": "gnutls-bin" }, { "binary_version": "2.12.23-12ubuntu2.2", "binary_name": "gnutls26-doc" }, { "binary_version": "2.12.23-12ubuntu2.2", "binary_name": "libgnutls-dev" }, { "binary_version": "2.12.23-12ubuntu2.2", "binary_name": "libgnutls-openssl27" }, { "binary_version": "2.12.23-12ubuntu2.2", "binary_name": "libgnutls26" }, { "binary_version": "2.12.23-12ubuntu2.2", "binary_name": "libgnutls26-dbg" }, { "binary_version": "2.12.23-12ubuntu2.2", "binary_name": "libgnutlsxx27" } ] }