desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #144977
[Bug 1505328] Re: Cups SSL is vulernable to POODLE
None of these issues exist in vivid, cups version 2.0.2-1ubuntu3.2. No
RC4, No SSLv3, No Poodle on TLS. Would have an A- rating (if it was a
valid domain/cert).
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1505328
Title:
Cups SSL is vulernable to POODLE
Status in cups package in Ubuntu:
New
Bug description:
On 12.04 and 14.04 if you enable cups ssl you are vulnerable to
poodle, and there does not appear to be any way to mitigate it in Cups
config.
Ubuntu 14.04 - https://www.ssllabs.com/ssltest/analyze.html?d=190.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
Ubuntu 12.04 - https://www.ssllabs.com/ssltest/analyze.html?d=191.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
Fixed in wily - https://www.ssllabs.com/ssltest/analyze.html?d=192.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on
Upstream fix - https://www.cups.org/str.php?L4476
Should we disable ssvl3 in the 12.04/14.04 cups by default and
backport the option to turn it back on?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+subscriptions
References