CVE-2015-4000 in Ubuntu

CVE-2015-4000

Priority

Medium

Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled
on a server but not on a client, does not properly convey a DHE_EXPORT
choice, which allows man-in-the-middle attackers to conduct
cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by
DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by
DHE, aka the "Logjam" issue.

References

Notes

mdeslaur> USN-2624-1 disables export ciphers completely in openssl
mdeslaur> USN-2625-1 disables export ciphers in apache2 in precise
sarnold> USN-2639-1 disables <768 bit dh parameters in openssl
mdeslaur> USN-2672-1 disables <768 bit dh parameters in nss
sbeattie> USN-2696-1 disables <768 bit dh parameters in openjdk-7
mdeslaur>
mdeslaur> gnutls isn't vulnerable to this issue and rejects small dh
mdeslaur> keys by default. On precise and trusty, the gnutls-cli tool
mdeslaur> unfortunately sets the minimum dh size to 512 using
mdeslaur> gnutls_dh_set_prime_bits(), so that must be disabled to test
mdeslaur> using the command line tool.

Package

Source: openjdk-7 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was released [7u79-2.5.6-0ubuntu1.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):	released (7u79-2.5.6-0ubuntu1.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: openjdk-6 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was released [6b36-1.13.8-0ubuntu1~12.04])
Ubuntu 14.04 LTS (Trusty Tahr):	released (6b36-1.13.8-0ubuntu1~14.04)
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: openjdk-8 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 LTS (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (8u66-b17-1)
Ubuntu 17.04 (Zesty Zapus):	not-affected (8u66-b17-1)
Ubuntu 17.10 (Artful Aardvark):	not-affected (8u66-b17-1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (8u66-b17-1)

Package

Source: firefox (LP Ubuntu Debian)

Upstream:	released (39.0)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was released [39.0+build5-0ubuntu0.12.04.2])
Ubuntu 14.04 LTS (Trusty Tahr):	released (39.0+build5-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (39.0+build5-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus):	released (39.0+build5-0ubuntu1)
Ubuntu 17.10 (Artful Aardvark):	released (39.0+build5-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (39.0+build5-0ubuntu1)

Package

Source: openssl098 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: thunderbird (LP Ubuntu Debian)

Priority: Low

Upstream:	released (31.8)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was released [1:31.8.0+build1-0ubuntu0.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):	released (1:31.8.0+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (1:31.8.0+build1-0ubuntu1)
Ubuntu 17.04 (Zesty Zapus):	released (1:31.8.0+build1-0ubuntu1)
Ubuntu 17.10 (Artful Aardvark):	released (1:31.8.0+build1-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (1:31.8.0+build1-0ubuntu1)

Package

Source: openssl (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (1.0.1-4ubuntu5.28)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.0.1f-1ubuntu2.12)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (1.0.2a-1ubuntu1)
Ubuntu 17.04 (Zesty Zapus):	not-affected (1.0.2a-1ubuntu1)
Ubuntu 17.10 (Artful Aardvark):	not-affected (1.0.2a-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (1.0.2a-1ubuntu1)

Package

Source: apache2 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (2.2.22-1ubuntu1.9)
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected (2.4.7-1ubuntu4.4)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	not-affected
Ubuntu 17.10 (Artful Aardvark):	not-affected
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

Package

Source: gnutls26 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	not-affected
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: nss (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (3.19.2-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):	released (2:3.19.2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):	released (2:3.19.2-1ubuntu1)
Ubuntu 17.04 (Zesty Zapus):	released (2:3.19.2-1ubuntu1)
Ubuntu 17.10 (Artful Aardvark):	released (2:3.19.2-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):	released (2:3.19.2-1ubuntu1)

Package

Source: gnutls28 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was not-affected)
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected
Ubuntu 17.04 (Zesty Zapus):	not-affected
Ubuntu 17.10 (Artful Aardvark):	not-affected
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected

More Information

Updated: 2017-12-15 20:16:09 UTC (commit 13913)