touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #84224
[Bug 1465014] [NEW] after update still vulnerable against LOGJAM
Public bug reported:
Hint: http://www.ubuntu.com/usn/usn-2639-1/
" As a security improvement, this update also modifies OpenSSL behaviour
to reject DH key sizes below 768 bits, preventing a possible downgrade
attack. "
I installed the update but the test site says, i'm still vulnerable (see attachted screen shot).
Site: https://weakdh.org/
- Xubuntu 15.04 -- up-to-date
- openSSL 1.0.1f-1ubuntu11.4 -- up-to-date
- Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable)
- Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openssl 1.0.1f-1ubuntu11.4
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Uname: Linux 3.19.0-20-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jun 14 15:34:46 2015
InstallationDate: Installed on 2015-05-28 (16 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: openssl (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug vivid
** Attachment added: "Bildschirmfoto_2015-06-14_15-34-26.png"
https://bugs.launchpad.net/bugs/1465014/+attachment/4414661/+files/Bildschirmfoto_2015-06-14_15-34-26.png
** Description changed:
Hint: http://www.ubuntu.com/usn/usn-2639-1/
" As a security improvement, this update also modifies OpenSSL behaviour
to reject DH key sizes below 768 bits, preventing a possible downgrade
attack. "
- I installed the update but the test site says, i'm still vunerable (see attachted screen shot).
+ I installed the update but the test site says, i'm still vulnerable (see attachted screen shot).
Site: https://weakdh.org/
- Xubuntu 15.04 -- up-to-date
- Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable)
- openSSL 1.0.1f-1ubuntu11.4 -- up-to-date
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openssl 1.0.1f-1ubuntu11.4
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Uname: Linux 3.19.0-20-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jun 14 15:34:46 2015
InstallationDate: Installed on 2015-05-28 (16 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
** Summary changed:
- after update still vunerable against LOGJAM
+ after update still vulnerable against LOGJAM
** Description changed:
Hint: http://www.ubuntu.com/usn/usn-2639-1/
" As a security improvement, this update also modifies OpenSSL behaviour
to reject DH key sizes below 768 bits, preventing a possible downgrade
attack. "
I installed the update but the test site says, i'm still vulnerable (see attachted screen shot).
Site: https://weakdh.org/
- Xubuntu 15.04 -- up-to-date
+
+ - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date
+
- Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable)
- - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date
+ - Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openssl 1.0.1f-1ubuntu11.4
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Uname: Linux 3.19.0-20-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jun 14 15:34:46 2015
InstallationDate: Installed on 2015-05-28 (16 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1465014
Title:
after update still vulnerable against LOGJAM
Status in openssl package in Ubuntu:
New
Bug description:
Hint: http://www.ubuntu.com/usn/usn-2639-1/
" As a security improvement, this update also modifies OpenSSL
behaviour to reject DH key sizes below 768 bits, preventing a possible
downgrade attack. "
I installed the update but the test site says, i'm still vulnerable (see attachted screen shot).
Site: https://weakdh.org/
- Xubuntu 15.04 -- up-to-date
- openSSL 1.0.1f-1ubuntu11.4 -- up-to-date
- Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable)
- Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openssl 1.0.1f-1ubuntu11.4
ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8
Uname: Linux 3.19.0-20-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
Date: Sun Jun 14 15:34:46 2015
InstallationDate: Installed on 2015-05-28 (16 days ago)
InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1465014/+subscriptions
Follow ups
-
[Bug 1465014] Re: Firefox and Chromium still vulnerable against LOGJAM
From: Mathew Hodson, 2015-07-09
-
[Bug 1465014] Re: Firefox and Chromium still vulnerable against LOGJAM
From: Mathew Hodson, 2015-07-09
-
[Bug 1465014] Re: Firefox and Chromium still vulnerable against LOGJAM
From: Mathew Hodson, 2015-07-08
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Bug Watch Updater, 2015-07-05
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Haw Loeung, 2015-07-05
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Alberto Salvia Novella, 2015-06-27
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Marc Deslauriers, 2015-06-25
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Alberto Salvia Novella, 2015-06-25
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Haw Loeung, 2015-06-21
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Alberto Salvia Novella, 2015-06-18
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Launchpad Bug Tracker, 2015-06-16
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Launchpad Bug Tracker, 2015-06-16
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Haw Loeung, 2015-06-15
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Haw Loeung, 2015-06-15
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: Marc Deslauriers, 2015-06-15
-
[Bug 1465014] Re: after update still vulnerable against LOGJAM
From: LAZA, 2015-06-15
-
[Bug 1465014] [NEW] after update still vulnerable against LOGJAM
From: LAZA, 2015-06-14
References