CVE-2014-3566

Published: 14 October 2014

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Notes

Author: mdeslaur
Note: We recommend disabling SSLv3 on servers, if possible.

Community-provided information on disabling SSLv3 can be found here:
http://askubuntu.com/a/537196

SANS-provided information on disabling SSLv3 can be found here:
https://isc.sans.edu/forums/diary/POODLE+Turning+off+SSLv3+for+various+servers+and+client+/18837

Priority

Medium

CVSS 3 Severity Score

3.4

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
upstream Needs triage
artful Released (1.0.1f-1ubuntu9)
bionic Released (1.0.1f-1ubuntu9)
cosmic Released (1.0.1f-1ubuntu9)
disco Released (1.0.1f-1ubuntu9)
focal Released (1.0.1f-1ubuntu9)
jammy Released (1.0.1f-1ubuntu9)
kinetic Released (1.0.1f-1ubuntu9)
lucid Released (0.9.8k-7ubuntu8.22)
lunar Released (1.0.1f-1ubuntu9)
precise Released (1.0.1-4ubuntu5.20)
trusty Released (1.0.1f-1ubuntu2.7)
utopic Released (1.0.1f-1ubuntu9)
vivid Released (1.0.1f-1ubuntu9)
wily Released (1.0.1f-1ubuntu9)
xenial Released (1.0.1f-1ubuntu9)
yakkety Released (1.0.1f-1ubuntu9)
zesty Released (1.0.1f-1ubuntu9)
mantic Released (1.0.1f-1ubuntu9)
Patches:

upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c6a876473cbff0fd323c8abcaace98ee2d21863d
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dc5dfe431cffbc1fa8eeead0853bd03395e52e71
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f4d81e88b6f3cce83eae0448cc6542e3e251854
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2866063015d839569c2323cae85d1d27ccdb484
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6bfe55380abbf7528e04e59f18921bd6c896af1c
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d07c75c5b97a31edfdec8076bd720166fdde789
upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=80fb4820cb1c849348b5246330b35ed4f51af562
nss
Launchpad, Ubuntu, Debian
artful Not vulnerable (2:3.17.1-0ubuntu1)
bionic Not vulnerable (2:3.17.1-0ubuntu1)
cosmic Not vulnerable (2:3.17.1-0ubuntu1)
disco Not vulnerable (2:3.17.1-0ubuntu1)
lucid Not vulnerable (3.17.1-0ubuntu0.10.04.1)
precise Not vulnerable (3.17.1-0ubuntu0.12.04.1)
trusty Not vulnerable (2:3.17.1-0ubuntu0.14.04.1)
upstream Released (3.17.1)
focal Not vulnerable (2:3.17.1-0ubuntu1)
jammy Not vulnerable (2:3.17.1-0ubuntu1)
kinetic Not vulnerable (2:3.17.1-0ubuntu1)
lunar Not vulnerable (2:3.17.1-0ubuntu1)
utopic Not vulnerable (2:3.17.1-0ubuntu1)
vivid Not vulnerable (2:3.17.1-0ubuntu1)
wily Not vulnerable (2:3.17.1-0ubuntu1)
xenial Not vulnerable (2:3.17.1-0ubuntu1)
yakkety Not vulnerable (2:3.17.1-0ubuntu1)
zesty Not vulnerable (2:3.17.1-0ubuntu1)
mantic Not vulnerable (2:3.17.1-0ubuntu1)
Patches:
upstream: https://hg.mozilla.org/projects/nss/rev/45cb71fd7bca

openjdk-6
Launchpad, Ubuntu, Debian
vivid Not vulnerable (6b34-1.13.6-1ubuntu1)
precise Released (6b34-1.13.6-1ubuntu0.12.04.1)
trusty Released (6b34-1.13.6-1ubuntu0.14.04.1)
artful Does not exist
bionic Does not exist
cosmic Does not exist
disco Does not exist
focal Does not exist
jammy Does not exist
kinetic Does not exist
lucid Released (6b34-1.13.6-1ubuntu0.10.04.1)
lunar Does not exist
upstream Ignored (end of life)
utopic Released (6b34-1.13.6-1ubuntu0.14.10.1)
wily Not vulnerable (6b34-1.13.6-1ubuntu1)
xenial Does not exist
yakkety Does not exist
zesty Does not exist
mantic Does not exist

pound
Launchpad, Ubuntu, Debian
trusty Needed
artful Not vulnerable (2.6-6.1)
bionic Does not exist
cosmic Does not exist
disco Does not exist
focal Not vulnerable (2.6-6.1)
jammy Not vulnerable (2.6-6.1)
kinetic Not vulnerable (2.6-6.1)
lucid Does not exist
lunar Does not exist
precise Ignored (end of life)
upstream Needs triage
utopic Ignored (end of life)
vivid Released (2.6-6+deb8u1build0.15.04.1)
wily Not vulnerable (2.6-6.1)
xenial Not vulnerable (2.6-6.1)
yakkety Not vulnerable (2.6-6.1)
zesty Not vulnerable (2.6-6.1)
mantic Does not exist

openjdk-7
Launchpad, Ubuntu, Debian
artful Does not exist
bionic Does not exist
cosmic Does not exist
disco Does not exist
focal Does not exist
jammy Does not exist
kinetic Does not exist
lucid Does not exist
lunar Does not exist
precise Released (7u75-2.5.4-1~precise1)
trusty Released (7u75-2.5.4-1~trusty1)
upstream Released (7u73)
utopic Released (7u75-2.5.4-1~utopic1)
vivid Not vulnerable (7u75-2.5.4-1)
wily Not vulnerable (7u75-2.5.4-1)
xenial Does not exist
yakkety Does not exist
zesty Does not exist
mantic Does not exist

openssl098
Launchpad, Ubuntu, Debian
artful Does not exist
bionic Does not exist
cosmic Does not exist
disco Does not exist
focal Does not exist
jammy Does not exist
kinetic Does not exist
lucid Does not exist
lunar Does not exist
precise Ignored (end of life)
trusty Does not exist (trusty was needed)
upstream Needs triage
utopic Ignored (end of life)
vivid Ignored (end of life)
wily Does not exist
xenial Does not exist
yakkety Does not exist
zesty Does not exist
mantic Does not exist

Severity score breakdown

Parameter Value
Base score 3.4
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Scope Changed
Confidentiality Low
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N