CVE-2015-0285 in Ubuntu

CVE-2015-0285

Priority

Low

Description

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a
does not ensure that the PRNG is seeded before proceeding with a handshake,
which makes it easier for remote attackers to defeat cryptographic
protection mechanisms by sniffing the network and then conducting a
brute-force attack.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0285

Notes

mdeslaur> 1.0.2 only

Package

Source: openssl098 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected

Package

Source: openssl (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):	not-affected

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-14 20:04:01 UTC (commit 13907)