*** This bug is a security vulnerability *** Public security bug reported:
PRETTY_NAME="Ubuntu 14.04 LTS" VERSION="14.04, Trusty Tahr" Package: w3m Priority: optional Section: text Origin: Ubuntu Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com> Bugs: https://bugs.launchpad.net/ubuntu/+filebug Version: 0.5.3-15 Supported: 5y Using w3m to visit the site <https://www.howsmyssl.COM/> reveals the following security issue -- QUOTE Insecure Cipher Suites Bad Your client supports cipher suites that are known to be insecure: * TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. * TLS_DHE_DSS_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. * TLS_DHE_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. * TLS_RSA_EXPORT_WITH_DES40_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. * TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5: This cipher uses keys smaller than 128 bits in its encryption. * TLS_RSA_EXPORT_WITH_RC4_40_MD5: This cipher uses keys smaller than 128 bits in its encryption. * TLS_RSA_WITH_DES_CBC_SHA: This cipher uses keys smaller than 128 bits in its encryption. UNQUOTE ** Affects: w3m (Ubuntu) Importance: Undecided Status: New ** Tags: security vulnerability ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to w3m in Ubuntu. https://bugs.launchpad.net/bugs/1325674 Title: w3m supports insecure cypher suites To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
