Candidate: CVE-2014-3568
PublicDate: 2014-10-19 01:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
 https://www.openssl.org/news/secadv_20141015.txt
Description:
 OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does
 not properly enforce the no-ssl3 build option, which allows remote
 attackers to bypass intended access restrictions via an SSL 3.0 handshake,
 related to s23_clnt.c and s23_srvr.c.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: low
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_openssl:
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7 (1.0.1)
 upstream: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=cd332a07503bd9771595de87e768179f81715704 (0.9.8)
upstream_openssl: released (0.9.8zc,1.0.1j)
lucid_openssl: released (0.9.8k-7ubuntu8.22)
precise_openssl: released (1.0.1-4ubuntu5.20)
precise/esm_openssl: released (1.0.1-4ubuntu5.20)
trusty_openssl: released (1.0.1f-1ubuntu2.7)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.7)
utopic_openssl: released (1.0.1f-1ubuntu9)
vivid_openssl: released (1.0.1f-1ubuntu9)
vivid/stable-phone-overlay_openssl: released (1.0.1f-1ubuntu9)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu9)
wily_openssl: released (1.0.1f-1ubuntu9)
xenial_openssl: released (1.0.1f-1ubuntu9)
esm-infra/xenial_openssl: released (1.0.1f-1ubuntu9)
yakkety_openssl: released (1.0.1f-1ubuntu9)
zesty_openssl: released (1.0.1f-1ubuntu9)
artful_openssl: released (1.0.1f-1ubuntu9)
bionic_openssl: released (1.0.1f-1ubuntu9)
cosmic_openssl: released (1.0.1f-1ubuntu9)
disco_openssl: released (1.0.1f-1ubuntu9)
devel_openssl: released (1.0.1f-1ubuntu9)

Patches_openssl098:
upstream_openssl098: needs-triage
lucid_openssl098: DNE
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: ignored (reached end-of-life)
trusty/esm_openssl098: DNE (trusty was needed)
utopic_openssl098: ignored (reached end-of-life)
vivid_openssl098: ignored (reached end-of-life)
vivid/stable-phone-overlay_openssl098: DNE
vivid/ubuntu-core_openssl098: DNE
wily_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
zesty_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
cosmic_openssl098: DNE
disco_openssl098: DNE
devel_openssl098: DNE