*** This bug is a security vulnerability ***

Public security bug reported:


PRETTY_NAME="Ubuntu 13.10"
VERSION="13.10, Saucy Salamander"

Package: w3m
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Architecture: i386
Multi-Arch: foreign
Version: 0.5.3-11


Using w3m to browse the SSL checking site  

 https://www.howsmyssl.com/

reveals the following two security issues --


Version
Improvable

Your client is using TLS 1.1. It would be better to be TLS 1.2, but at
least it isn't susceptible to the BEAST attack. But, it also doesn't
have the AES-GCM cipher suite available.


Insecure Cipher Suites
Bad

Your client supports cipher suites that are known to be insecure:

  • TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_DHE_DSS_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_DHE_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_RSA_EXPORT_WITH_RC4_40_MD5: This cipher uses keys smaller than 128 bits in its encryption.
  • TLS_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption.

** Affects: w3m (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to w3m in Ubuntu.
https://bugs.launchpad.net/bugs/1302886

Title:
  w3m -- ssl security check reveals flaws

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1302886/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
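
A server-side check for the cipher suites named in the report, as an added example (not part of the bug report and not w3m's code): it reads the cipher_suites list out of a TLS ClientHello record and flags the eight reported suites by their IANA code points. The function names and the sample ClientHello (TLS 1.1, zeroed random, no extensions) are constructed for illustration.

```python
import struct

# IANA code points of the eight suites listed in the report (all < 128-bit keys).
WEAK_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0012: "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0015: "TLS_DHE_RSA_WITH_DES_CBC_SHA",
}

def offered_suites(record: bytes) -> list:
    """Return the cipher suite code points offered in one ClientHello record."""
    if len(record) < 5 + 4 + 2 + 32 + 1:
        raise ValueError("truncated record")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or record[5] != 0x01:   # handshake record, ClientHello message
        raise ValueError("not a ClientHello")
    body = record[5:5 + rlen]
    try:
        pos = 4 + 2 + 32                     # handshake header, client_version, random
        pos += 1 + body[pos]                 # skip session_id (1-byte length prefix)
        (slen,) = struct.unpack_from("!H", body, pos)
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    pos += 2
    if slen % 2 or pos + slen > len(body):
        raise ValueError("bad cipher_suites length")
    return [c for (c,) in struct.iter_unpack("!H", body[pos:pos + slen])]

def weak_offers(record: bytes) -> list:
    """Names of reported weak suites the client offers, in offer order."""
    return [WEAK_SUITES[c] for c in offered_suites(record) if c in WEAK_SUITES]

def build_client_hello(suites, version=0x0302) -> bytes:
    """Constructed sample input: a minimal ClientHello offering `suites`."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

# Constructed offer: AES-128-CBC, 3DES, then three of the reported suites.
SAMPLE = build_client_hello([0x002F, 0x000A, 0x0009, 0x0014, 0x0003])
```

A client whose configuration has been tightened should make `weak_offers` return an empty list for its ClientHello.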
