CVE-2015-3197

Priority
Description
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does
not prevent use of disabled ciphers, which makes it easier for
man-in-the-middle attackers to defeat cryptographic protection mechanisms
by performing computations on SSLv2 traffic, related to the
get_client_master_key and get_client_hello functions.
Notes
mdeslaur: openssl in Ubuntu is compiled with no-ssl2
Package
Upstream: released (1.0.1r, 1.0.2f)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Package
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was not-affected)
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2020-01-29 19:52:01 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)