*** This bug is a security vulnerability *** Public security bug reported:
On 12.04 and 14.04 if you enable cups ssl you are vulnerable to poodle, and there does not appear to be any way to mitigate it in Cups config. Ubuntu 14.04 - https://www.ssllabs.com/ssltest/analyze.html?d=190.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on Ubuntu 12.04 - https://www.ssllabs.com/ssltest/analyze.html?d=191.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on Fixed in wily - https://www.ssllabs.com/ssltest/analyze.html?d=192.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on Upstream fix - https://www.cups.org/str.php?L4476 Should we disable ssvl3 in the 12.04/14.04 cups by default and backport the option to turn it back on? ** Affects: cups (Ubuntu) Importance: Undecided Status: New ** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1505328 Title: Cups SSL is vulernable to POODLE To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1505328/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
