2015-10-26 16:02:33 |
Bryan Quigley |
bug |
|
|
added bug |
2015-10-26 16:04:30 |
Bryan Quigley |
tags |
|
precise trusty |
|
2015-10-29 19:36:44 |
Bryan Quigley |
information type |
Public |
Public Security |
|
2015-11-09 04:05:23 |
Mathew Hodson |
cve linked |
|
2014-3566 |
|
2015-11-09 04:07:24 |
Mathew Hodson |
gnutls26 (Ubuntu): importance |
Undecided |
High |
|
2015-11-09 04:08:05 |
Mathew Hodson |
tags |
precise trusty |
poodle precise trusty |
|
2015-11-25 16:49:48 |
Bryan Quigley |
description |
This issue is present in Trusty and Precise with the stock main gnutls - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
If I switch cups to use gnutls28-dev on 14.04 the issue appears to go away according to ssllabs. My test case is cups with SSL on.
[1] http://pastebin.ubuntu.com/12970857/ |
This issue is present in Trusty and Precise with the stock main gnutls - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
If I switch cups to use gnutls28-dev on 14.04 the issue appears to go away according to ssllabs. My test case is cups with SSL on.
Reproduction Steps:
launch a new trusty VM
sudo apt-get install cups
Open /etc/cups/cupsd.conf and change just this one section
...
# Only listen for connections from the local machine.
#Listen localhost:631
Listen /var/run/cups/cups.sock
SSLPort 443
SSLOptions None
ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com
...
Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/
[1] http://pastebin.ubuntu.com/12970857/ |
|
2015-11-25 20:31:06 |
Bryan Quigley |
description |
This issue is present in Trusty and Precise with the stock main gnutls - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
If I switch cups to use gnutls28-dev on 14.04 the issue appears to go away according to ssllabs. My test case is cups with SSL on.
Reproduction Steps:
launch a new trusty VM
sudo apt-get install cups
Open /etc/cups/cupsd.conf and change just this one section
...
# Only listen for connections from the local machine.
#Listen localhost:631
Listen /var/run/cups/cups.sock
SSLPort 443
SSLOptions None
ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com
...
Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/
[1] http://pastebin.ubuntu.com/12970857/ |
[Impact]
Gnutls is affected by the Poodle TLS exploit https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
[Test Case]
launch a new trusty VM
sudo apt-get install cups
Open /etc/cups/cupsd.conf and change just this one section
...
# Only listen for connections from the local machine.
#Listen localhost:631
Listen /var/run/cups/cups.sock
SSLPort 443
SSLOptions None
ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com
...
Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/
[Regression Potential]
This is a simple off-by-one error that's fixed in all newer versions of gnutls. |
|
2015-11-25 21:51:49 |
Bryan Quigley |
attachment added |
|
precise debdiff https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163/+attachment/4525422/+files/gnutls26_2.12.14-5ubuntu3.10.debdiff |
|
2015-11-25 21:54:19 |
Bryan Quigley |
attachment added |
|
trusty debdiff https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163/+attachment/4525426/+files/gnutls26_2.12.23-12ubuntu2.3.debdiff |
|
2015-11-25 21:54:57 |
Bryan Quigley |
nominated for series |
|
Ubuntu Precise |
|
2015-11-25 21:54:57 |
Bryan Quigley |
nominated for series |
|
Ubuntu Trusty |
|
2015-11-25 21:55:16 |
Bryan Quigley |
bug |
|
|
added subscriber Ubuntu Security Sponsors Team |
2015-11-26 12:03:34 |
Marc Deslauriers |
bug task added |
|
gnutls26 (Ubuntu Precise) |
|
2015-11-26 12:03:40 |
Marc Deslauriers |
bug task added |
|
gnutls26 (Ubuntu Trusty) |
|
2015-11-26 16:51:35 |
Marc Deslauriers |
gnutls26 (Ubuntu Precise): status |
New |
Confirmed |
|
2015-11-26 16:51:38 |
Marc Deslauriers |
gnutls26 (Ubuntu Trusty): status |
New |
Confirmed |
|
2015-11-26 16:51:42 |
Marc Deslauriers |
gnutls26 (Ubuntu Precise): importance |
Undecided |
High |
|
2015-11-26 16:51:44 |
Marc Deslauriers |
gnutls26 (Ubuntu Trusty): importance |
Undecided |
High |
|
2015-11-26 16:51:47 |
Marc Deslauriers |
gnutls26 (Ubuntu Precise): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2015-11-26 16:51:50 |
Marc Deslauriers |
gnutls26 (Ubuntu Trusty): assignee |
|
Marc Deslauriers (mdeslaur) |
|
2015-11-26 16:51:55 |
Marc Deslauriers |
gnutls26 (Ubuntu): status |
New |
Fix Released |
|
2015-11-27 05:50:40 |
Mathew Hodson |
gnutls26 (Ubuntu Precise): status |
Confirmed |
Triaged |
|
2015-11-27 05:50:42 |
Mathew Hodson |
gnutls26 (Ubuntu Trusty): status |
Confirmed |
Triaged |
|
2015-11-30 19:55:09 |
Launchpad Janitor |
gnutls26 (Ubuntu Trusty): status |
Triaged |
Fix Released |
|
2015-11-30 20:05:14 |
Launchpad Janitor |
gnutls26 (Ubuntu Precise): status |
Triaged |
Fix Released |
|
2015-12-01 00:08:05 |
Mathew Hodson |
cve linked |
|
2015-8313 |
|
2015-12-01 00:08:21 |
Mathew Hodson |
cve unlinked |
2014-3566 |
|
|
2015-12-01 02:18:36 |
paz |
bug |
|
|
added subscriber paz |
2016-02-22 18:40:35 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-security/gnutls26 |
|
2016-02-22 18:40:54 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-security/gnutls26 |
|