Red Hat Security Advisory 2015-1457-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was found that GnuTLS did not check activation and expiration dates of CA certificates. This could cause an application using GnuTLS to incorrectly accept a certificate as valid when its issuing CA is already expired. It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed hashing algorithm during certificate verification.
0e90819c7dede66c108305ff1ef47cc14cd77797c9369228703778be58642b5d
Ubuntu Security Notice 2540-1 - It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS. Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
faa3f38df2a778a2e8d6ecb02bc1d46cf098d1bce9d470cf79399514146a00c2