desktop-packages team mailing list archive

Thread
Date
[Bug 880226] Re: sevrver does not support RFC 5746, see CVE-2009-3555

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Micah Gersten <launchpad@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 23 Oct 2011 08:25:13 -0000
Reply-to: Bug 880226 <880226@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
*** This bug is a duplicate of bug 798672 ***
    https://bugs.launchpad.net/bugs/798672

Thank you for reporting this to Ubuntu.  Starting with Firefox 4, these sites have been disabled by default.  This has been a known security issue for quite a while.  This issue is the same as bug 798672 where an upstream bug is linked.  The upstream bug does contain more information as well as links about where this was fixed.  There is some documentation here as well: https://wiki.mozilla.org/Security:Renegotiation
Please contact the site owner in question about this issue.  Please report any other issues you may find.

** Changed in: firefox (Ubuntu)
       Status: New => Invalid

** This bug has been marked a duplicate of bug 798672
   Firefox 5 unable to renegotiate on SSL socket

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/880226

Title:
  sevrver does not support RFC 5746, see CVE-2009-3555

Status in “firefox” package in Ubuntu:
  Invalid

Bug description:
  Affected Ubuntu 11.04 on two computers and 11.10 amd64 too, since latest browser update.
  firefox        7.0.1+build1+n

  Several pages are inaccessible in ssl sessions by this bug, it is
  visible in the error-console while the browser is hourglassing
  forever. It is NOT okay to force thousands of server admins to repair
  something that is based on a client ignorance like these new ff
  version.

  ProblemType: Bug
  DistroRelease: Ubuntu 11.04
  Package: firefox 7.0.1+build1+nobinonly-0ubuntu0.11.04.1
  ProcVersionSignature: Ubuntu 2.6.38-11.50-genusername 2.6.38.8
  Uname: Linux 2.6.38-11-generic i686
  AddonCompatCheckDisabled: False
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
  Architecture: i386
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC0:  eric       1815 F.... pulseaudio
  BuildID: 20110928224103
  Card0.Amixer.info:
   Card hw:0 'I82801DBICH4'/'Intel 82801DB-ICH4 with AD1981B at irq 5'
     Mixer name	: 'Analog Devices AD1981B'
     Components	: 'AC97a:41445374'
     Controls      : 26
     Simple ctrls  : 18
  Card29.Amixer.info:
   Card hw:29 'ThinkPadEC'/'ThinkPad Console Audio Control at EC reg 0x30, fw 1RHT71WW-3.04'
     Mixer name	: 'ThinkPad EC 1RHT71WW-3.04'
     Components	: ''
     Controls      : 2
     Simple ctrls  : 1
  Card29.Amixer.values:
   Simple mixer control 'Console',0
     Capabilities: pvolume pvolume-joined pswitch pswitch-joined penum
     Playback channels: Mono
     Limits: Playback 0 - 14
     Mono: Playback 9 [64%] [on]
  Channel: release
  CurrentDmesg: Error: command ['sh', '-c', 'dmesg | comm -13 --nocheck-order /var/log/dmesg -'] failed with exit code 1: comm: /var/log/dmesg: Permission denied
  Date: Sun Oct 23 09:51:46 2011
  EcryptfsInUse: Yes
  ForcedLayersAccel: False
  IfupdownConfig:
   auto lo
   iface lo inet loopback
  InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Alpha i386 (20110318)
  IpRoute:
   192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.136  metric 2 
   169.254.0.0/16 dev wlan0  scope link  metric 1000 
   default via 192.168.1.1 dev wlan0  proto static
  Plugins:
   QuickTime Plug-in 7.6.6 - Lib=libtotem-narrowspace-plugin.so, Location=/usr/lib/mozilla/plugins
   DivX® Web Player - Lib=libtotem-mully-plugin.so, Location=/usr/lib/mozilla/plugins
   Windows Media Player Plug-in 10 (compatible; Totem) - Lib=libtotem-gmp-plugin.so, Location=/usr/lib/mozilla/plugins
   VLC Multimedia Plugin (compatible Totem 2.32.0) - Lib=libtotem-cone-plugin.so, Location=/usr/lib/mozilla/plugins
   Shockwave Flash - Lib=libflashplayer.so, Location=/usr/lib/mozilla/plugins
  ProcEnviron:
   LANGUAGE=de_DE:en
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  Profiles: Profile0 (Default) - LastVersion=7.0.1/20110928224103 (Running)
  RunningIncompatibleAddons: False
  SourcePackage: firefox
  UpgradeStatus: Upgraded to natty on 2011-03-25 (212 days ago)
  dmi.bios.date: 06/18/2007
  dmi.bios.vendor: IBM
  dmi.bios.version: 1RETDRWW (3.23 )
  dmi.board.name: 2373L77
  dmi.board.vendor: IBM
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: IBM
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnIBM:bvr1RETDRWW(3.23):bd06/18/2007:svnIBM:pn2373L77:pvrThinkPadT42:rvnIBM:rn2373L77:rvrNotAvailable:cvnIBM:ct10:cvrNotAvailable:
  dmi.product.name: 2373L77
  dmi.product.version: ThinkPad T42
  dmi.sys.vendor: IBM

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/880226/+subscriptions
References

[Bug 880226] [NEW] sevrver does not support RFC 5746, see CVE-2009-3555
From: EricDHH, 2011-10-23