[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
This bug was fixed in the package nginx - 1.1.19-1ubuntu0.7 --- nginx (1.1.19-1ubuntu0.7) precise-security; urgency=medium * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) - debian/patches/CVE-2014-3616.patch: Use a random value for session id context, since there is no support for shared TLS Session Tickets in this version in src/event/ngx_event_openssl.c. - CVE-2014-3616 -- Lev Lazinskiy llazins...@linode.com Fri, 05 Dec 2014 22:25:50 -0500 ** Changed in: nginx (Ubuntu Precise) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
** Changed in: nginx (Ubuntu Utopic) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
This bug was fixed in the package nginx - 1.4.6-1ubuntu3.1 --- nginx (1.4.6-1ubuntu3.1) trusty-security; urgency=medium * SECURITY UPDATE: incorrect cached SSL session reuse (LP: #1370478) - debian/patches/CVE-2014-3616.patch: include hash of certificate in session id context in src/event/ngx_event_openssl.c. - CVE-2014-3616 -- Marc Deslauriers marc.deslauri...@ubuntu.com Wed, 17 Sep 2014 08:56:46 -0400 ** Changed in: nginx (Ubuntu Trusty) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
** Branch linked: lp:ubuntu/trusty-security/nginx -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
** Also affects: nginx (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: nginx (Ubuntu Utopic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-3616 ** Changed in: nginx (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
** Changed in: nginx (Ubuntu Trusty) Status: New = Confirmed ** Changed in: nginx (Ubuntu Lucid) Status: New = Won't Fix ** Changed in: nginx (Ubuntu Precise) Status: New = Confirmed ** Changed in: nginx (Ubuntu Trusty) Assignee: (unassigned) = Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1370478] Re: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts
** Changed in: nginx (Debian) Status: Unknown = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nginx in Ubuntu. https://bugs.launchpad.net/bugs/1370478 Title: [CVE-2014-3616] possible to reuse cached SSL sessions in unrelated contexts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nginx/+bug/1370478/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
