- Canonical Ubuntu 10.04 LTS and 14.04 LTS
Several security issues were fixed in GnuTLS. This issue only affects versions of GnuTLS prior to 3.1.0 (released in 2012). These versions don’t verify the RSA PKCS #1 signature algorithm to match the signature algorithm in the certificate, leading to a potential downgrade to a disallowed algorithm, such as MD5, without detecting it.
Affected Products and Versions
Severity is medium unless otherwise noted.
- The Cloud Foundry team is expecting to release a patched BOSH stemcell and Elastic Runtime release with an upgraded GnuTLS packages.
Users of affected versions should apply the following mitigation:
- The Cloud Foundry team has determined that the project software is unlikely to be affected by the GnuTLS vulnerability and therefore do not require immediate updates. A future release of Cloud Foundry will update GnuTLS with the patched packages.