desktop-packages team mailing list archive

Thread
Date

[Bug 1465014] [NEW] after update still vulnerable against LOGJAM

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1465014@xxxxxxxxxxxxxxxxxx>
Date: Mon, 15 Jun 2015 16:40:00 -0000
Reply-to: Bug 1465014 <1465014@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

Hint: http://www.ubuntu.com/usn/usn-2639-1/

" As a security improvement, this update also modifies OpenSSL behaviour
to reject DH key sizes below 768 bits, preventing a possible downgrade
attack. "

I installed the update but the test site says, i'm still vulnerable (see attachted screen shot).
Site: https://weakdh.org/

- Xubuntu 15.04  --  up-to-date

- openSSL 1.0.1f-1ubuntu11.4  --  up-to-date

- Firefox 38.0+build3-0ubuntu0.15.04.1  --   up-to-date (even there are the versions 38.0.5 and 38.0.6 on the mozilla server available)
- Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170  --  up-to-date

--------------------------------------------------------------------------------

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openssl 1.0.1f-1ubuntu11.4
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Uname: Linux 3.19.0-20-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jun 14 15:34:46 2015
InstallationDate: Installed on 2015-05-28 (16 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug vivid
-- 
after update still vulnerable against LOGJAM
https://bugs.launchpad.net/bugs/1465014
You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu.