desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #76967
[Bug 1383512] [NEW] SSL 3.0 is vulnerable, browser should not use
*** This bug is a security vulnerability ***
Public security bug reported:
Release:14.04.1
Version: 37.0.2062.120-0ubuntu0.14.04.1~pkg1049
The Chromium browser requires an additonal flag to be specified at
invocation to avoid falling back kto SSL 3.0 which is a vulnerable
protocol. This option/flag should be specified by default. SSL 3.0 is
slated to be removed in the future, so the impact of this change is
inevitable.
More detail at:
http://www.kb.cert.org/vuls/id/577193
Browser reconfiguration info can be found at:
http://nakedsecurity.sophos.com/poodle-some-tips-for-turning-off-ssl-3-0/
For Ubuntu, the attached patch should be sufficient.
(chromium_poodle.patch)
-Matt
** Affects: chromium-browser (Ubuntu)
Importance: Undecided
Status: New
** Patch added: "Work-around"
https://bugs.launchpad.net/bugs/1383512/+attachment/4240841/+files/chromium_poodle.patch
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1383512
Title:
SSL 3.0 is vulnerable, browser should not use
Status in “chromium-browser” package in Ubuntu:
New
Bug description:
Release:14.04.1
Version: 37.0.2062.120-0ubuntu0.14.04.1~pkg1049
The Chromium browser requires an additonal flag to be specified at
invocation to avoid falling back kto SSL 3.0 which is a vulnerable
protocol. This option/flag should be specified by default. SSL 3.0
is slated to be removed in the future, so the impact of this change is
inevitable.
More detail at:
http://www.kb.cert.org/vuls/id/577193
Browser reconfiguration info can be found at:
http://nakedsecurity.sophos.com/poodle-some-tips-for-turning-off-ssl-3-0/
For Ubuntu, the attached patch should be sufficient.
(chromium_poodle.patch)
-Matt
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1383512/+subscriptions
Follow ups
References