touch-packages team mailing list archive

Thread
Date

[Bug 1469834] Re: openssl 1.0.1f-1ubuntu2.15 prevents connection to WPA Enterprise networks

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: "John B." <1469834@xxxxxxxxxxxxxxxxxx>
Date: Mon, 03 Aug 2015 18:02:43 -0000
Reply-to: Bug 1469834 <1469834@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1469834

Title:
  openssl 1.0.1f-1ubuntu2.15 prevents connection to WPA Enterprise
  networks

Status in openssl package in Ubuntu:
  Triaged

Bug description:
  The current version of openssl/libssl in Ubuntu 14.04 (1.0.1f-
  1ubuntu2.15) breaks wireless connectivity to WPA Enterprise networks
  at my institution.  WPA 2 personal networks are unaffected (my home
  setup).  If I install the "-1ubuntu2.12" version of openssl, libssl
  (amd64 and i386) I can once again connect to the WPA Enterprise
  network (I need to manually restart networking via network-manager
  *and* make sure to kill wpa_supplicant from the command line to make
  sure that the broken library is no longer loaded).


  The WPA Enterprise network in question can be accessed a few different
  ways.  One way uses TLS and certs, the other uses Tunneled TLS, no
  cert, but a username/password combination.  Both methods break upon
  installing the new openssl & libssl.

  I'm marking this as a security vulnerability because the only way (for
  me) to currently access WPA Enterprise networks is to run an older
  version of openssl&libssl.

  lsb_release -rd
  Description:	Ubuntu 14.04.2 LTS
  Release:	14.04

  *Working* version of package:
  apt-cache policy openssl
  openssl:
    Installed: 1.0.1f-1ubuntu2.12
    Candidate: 1.0.1f-1ubuntu2.15
    Version table:
       1.0.1f-1ubuntu2.15 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
   *** 1.0.1f-1ubuntu2.12 0
          100 /var/lib/dpkg/status
       1.0.1f-1ubuntu2 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  The "candidate" version listed above breaks WPA enterprise.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: openssl 1.0.1f-1ubuntu2.12
  ProcVersionSignature: Ubuntu 3.13.0-55.94-generic 3.13.11-ckt20
  Uname: Linux 3.13.0-55-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.11
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Jun 29 13:05:58 2015
  SourcePackage: openssl
  UpgradeStatus: Upgraded to trusty on 2014-06-03 (391 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1469834/+subscriptions