openssl CVE-2014-0224 fix broke tls_session_secret_cb and EAP-FAST
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openssl (Ubuntu) |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Lucid |
Invalid
|
Undecided
|
Marc Deslauriers | ||
Precise |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Saucy |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Trusty |
Fix Released
|
Undecided
|
Marc Deslauriers | ||
Utopic |
Fix Released
|
Undecided
|
Marc Deslauriers |
Bug Description
The recently introduced openssl update to fix the CVE-2014-0224 vulnerability missed one code path where ChangeCipherSpec needs to be allowed. tls_session_
The upstream fix for the issue:
Upstream report and discussion related to the issue:
http://
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: openssl 1.0.1f-1ubuntu2.2
ProcVersionSign
Uname: Linux 3.13.0-29-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Thu Jun 12 14:54:57 2014
InstallationDate: Installed on 2014-04-17 (55 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
Thanks for reporting this!