Public bug reported: Hint: http://www.ubuntu.com/usn/usn-2639-1/
" As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. " I installed the update but the test site says, i'm still vulnerable (see attachted screen shot). Site: https://weakdh.org/ - Xubuntu 15.04 -- up-to-date - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date - Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable) - Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: openssl 1.0.1f-1ubuntu11.4 ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8 Uname: Linux 3.19.0-20-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: amd64 Date: Sun Jun 14 15:34:46 2015 InstallationDate: Installed on 2015-05-28 (16 days ago) InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: openssl (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug vivid ** Attachment added: "Bildschirmfoto_2015-06-14_15-34-26.png" https://bugs.launchpad.net/bugs/1465014/+attachment/4414661/+files/Bildschirmfoto_2015-06-14_15-34-26.png ** Description changed: Hint: http://www.ubuntu.com/usn/usn-2639-1/ " As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. " - I installed the update but the test site says, i'm still vunerable (see attachted screen shot). + I installed the update but the test site says, i'm still vulnerable (see attachted screen shot). Site: https://weakdh.org/ - Xubuntu 15.04 -- up-to-date - Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable) - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: openssl 1.0.1f-1ubuntu11.4 ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8 Uname: Linux 3.19.0-20-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: amd64 Date: Sun Jun 14 15:34:46 2015 InstallationDate: Installed on 2015-05-28 (16 days ago) InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) ** Summary changed: - after update still vunerable against LOGJAM + after update still vulnerable against LOGJAM ** Description changed: Hint: http://www.ubuntu.com/usn/usn-2639-1/ " As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. " I installed the update but the test site says, i'm still vulnerable (see attachted screen shot). Site: https://weakdh.org/ - Xubuntu 15.04 -- up-to-date + + - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date + - Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable) - - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date + - Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: openssl 1.0.1f-1ubuntu11.4 ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8 Uname: Linux 3.19.0-20-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: amd64 Date: Sun Jun 14 15:34:46 2015 InstallationDate: Installed on 2015-05-28 (16 days ago) InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1465014 Title: after update still vulnerable against LOGJAM Status in openssl package in Ubuntu: New Bug description: Hint: http://www.ubuntu.com/usn/usn-2639-1/ " As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. " I installed the update but the test site says, i'm still vulnerable (see attachted screen shot). Site: https://weakdh.org/ - Xubuntu 15.04 -- up-to-date - openSSL 1.0.1f-1ubuntu11.4 -- up-to-date - Firefox 38.0+build3-0ubuntu0.15.04.1 -- up-to-date (even there are the versions 38.05 and 38.0.6 on the mozilla server availeable) - Chromium 43.0.2357.81-0ubuntu0.15.04.1.1170 -- up-to-date ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: openssl 1.0.1f-1ubuntu11.4 ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8 Uname: Linux 3.19.0-20-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: amd64 Date: Sun Jun 14 15:34:46 2015 InstallationDate: Installed on 2015-05-28 (16 days ago) InstallationMedia: Xubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422.1) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1465014/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
