[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-30 Thread Hanno Böck
Took me a bit longer, but blogpost is now public and explains the issue in detail including its history and first incomplete fix: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-30 Thread Marc Deslauriers
Publishing as a security update now, thanks! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1510163 Title: Poodle TLS1.0 issue in Trusty (and Precise) To manage notifications about this bug go to:

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-30 Thread Launchpad Bug Tracker
This bug was fixed in the package gnutls26 - 2.12.23-12ubuntu2.3 --- gnutls26 (2.12.23-12ubuntu2.3) trusty-security; urgency=medium * SECURITY UPDATE: Poodle TLS issue - debian/patches/fix_tls_poodle.patch: fixes off by one issue in padding check. Patch created by

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-30 Thread Launchpad Bug Tracker
This bug was fixed in the package gnutls26 - 2.12.14-5ubuntu3.10 --- gnutls26 (2.12.14-5ubuntu3.10) precise-security; urgency=low * SECURITY UPDATE: Poodle TLS issue - debian/patches/fix_tls_poodle.patch: fixes off by one issue in padding check. Patch created by

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-30 Thread Mathew Hodson
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8313 ** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3566

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-26 Thread Mathew Hodson
** Changed in: gnutls26 (Ubuntu Precise) Status: Confirmed => Triaged ** Changed in: gnutls26 (Ubuntu Trusty) Status: Confirmed => Triaged

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-26 Thread Marc Deslauriers
Hi Bryan, Thanks for the debdiffs! Where did you obtain the patch from Hanno Boeck? ** Also affects: gnutls26 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: gnutls26 (Ubuntu Trusty) Importance: Undecided Status: New

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-26 Thread Bryan Quigley
Hi Marc, In a private email, he did mention that he planned to blog about it in the future.

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-26 Thread Marc Deslauriers
** Changed in: gnutls26 (Ubuntu Precise) Status: New => Confirmed ** Changed in: gnutls26 (Ubuntu Trusty) Status: New => Confirmed ** Changed in: gnutls26 (Ubuntu Precise) Importance: Undecided => High ** Changed in: gnutls26 (Ubuntu Trusty) Importance: Undecided => High **

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-25 Thread Bryan Quigley
** Description changed: This issue is present in Trusty and Precise with the stock main gnutls - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites- tls If I switch cups to use gnutls28-dev on 14.04 the issue appears to go away according to ssllabs. My test

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-25 Thread Bryan Quigley
** Patch added: "precise debdiff" https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163/+attachment/4525422/+files/gnutls26_2.12.14-5ubuntu3.10.debdiff

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-25 Thread Bryan Quigley
Tested both with ssllabs should go from F rating to C rating - POODLE TLS issue should be gone, but SSLv3 will still be enabled. That's a separate bug - 1505328. ** Patch added: "trusty debdiff"

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-25 Thread Bryan Quigley
Unlike the other cups patch, this gnutls bug I believe should go to security pocket.

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-25 Thread Bryan Quigley
** Description changed: - This issue is present in Trusty and Precise with the stock main gnutls - - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites- - tls - - If I switch cups to use gnutls28-dev on 14.04 the issue appears to go - away according to ssllabs. My test

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-11-08 Thread Mathew Hodson
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3566 ** Changed in: gnutls26 (Ubuntu) Importance: Undecided => High ** Tags added: poodle

[Bug 1510163] Re: Poodle TLS1.0 issue in Trusty (and Precise)

2015-10-29 Thread Bryan Quigley
** Information type changed from Public to Public Security