CVE-2015-4000

Priority
Medium
Description
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled
on a server but not on a client, does not properly convey a DHE_EXPORT
choice, which allows man-in-the-middle attackers to conduct
cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by
DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by
DHE, aka the "Logjam" issue.
References
Notes
 mdeslaur> USN-2624-1 disables export ciphers completely in openssl
 mdeslaur> USN-2625-1 disables export ciphers in apache2 in precise
 sarnold> USN-2639-1 disables <768 bit dh parameters in openssl
 mdeslaur> USN-2672-1 disables <768 bit dh parameters in nss
 sbeattie> USN-2696-1 disables <768 bit dh parameters in openjdk-7
 mdeslaur>
 mdeslaur> gnutls isn't vulnerable to this issue and rejects small dh
 mdeslaur> keys by default. On precise and trusty, the gnutls-cli tool
 mdeslaur> unfortunately sets the minimum dh size to 512 using
 mdeslaur> gnutls_dh_set_prime_bits(), so that must be disabled to test
 mdeslaur> using the command line tool.
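The two-step rewrite in the description (ClientHello DHE -> DHE_EXPORT, ServerHello DHE_EXPORT -> DHE) and the 768-bit minimum the USNs above introduce, walked through on constructed TLS 1.2 handshake bytes. This is an added illustration, not content from the Ubuntu CVE tracker or the security team's notes. Message layouts follow RFC 5246 and the cipher suite numbers are the IANA-registered values; the 512-bit "prime", the zeroed randoms, the omitted ServerKeyExchange signature and the `run_downgrade` scenario are constructed fixtures.

```python
"""Logjam (CVE-2015-4000) mechanics on constructed TLS 1.2 handshake messages.

Added example, not part of the Ubuntu CVE tracker page. The point it shows: a
ServerKeyExchange carrying DHE_EXPORT parameters looks exactly like one for a
full-strength DHE suite, so once the ServerHello has been rewritten the client
can only defend itself by checking the size of the DH prime it is handed.
"""
import struct

# IANA cipher suite identifiers (RFC 5246 appendix A.5 / RFC 4492).
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F

DHE_EXPORT_SUITES = {TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA}
DHE_SUITES = {TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
              TLS_DHE_RSA_WITH_AES_256_CBC_SHA}

MIN_DH_BITS = 768          # floor introduced by USN-2639-1 / USN-2672-1 / USN-2696-1
EXPORT_P = (1 << 511) | 1  # constructed 512-bit placeholder, NOT a real (or prime) export group


def _handshake(msg_type, body):
    """Handshake header: HandshakeType (1 byte) + uint24 length."""
    return bytes([msg_type]) + struct.pack(">I", len(body))[1:] + body


def build_client_hello(suites):
    """TLS 1.2 ClientHello body without extensions (constructed fixture)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, empty session_id
    cs = b"".join(struct.pack(">H", s) for s in suites)
    body += struct.pack(">H", len(cs)) + cs + b"\x01\x00"     # cipher_suites, compression: null
    return _handshake(1, body)


def parse_client_hello(msg):
    """Return (offset of first cipher suite, [suites]) for a ClientHello."""
    assert msg[0] == 1, "not a ClientHello"
    off = 4 + 2 + 32                                           # header, version, random
    off += 1 + msg[off]                                        # session_id<0..32>
    n = struct.unpack(">H", msg[off:off + 2])[0]
    suites = [struct.unpack(">H", msg[i:i + 2])[0] for i in range(off + 2, off + 2 + n, 2)]
    return off + 2, suites


def build_server_hello(suite):
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", suite) + b"\x00"
    return _handshake(2, body)


def server_hello_suite(msg):
    """Return (offset, cipher_suite) of the suite chosen in a ServerHello."""
    assert msg[0] == 2, "not a ServerHello"
    off = 4 + 2 + 32
    off += 1 + msg[off]
    return off, struct.unpack(">H", msg[off:off + 2])[0]


def server_select(client_suites, server_enabled):
    """Honest server: first client-preferred suite it has enabled."""
    return next((s for s in client_suites if s in server_enabled), None)


def mitm_downgrade_client_hello(msg):
    """Attacker step 1: every DHE suite becomes DHE_EXPORT (same 2-byte width, lengths untouched)."""
    off, suites = parse_client_hello(msg)
    cs = b"".join(struct.pack(">H", TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA if s in DHE_SUITES else s)
                  for s in suites)
    return msg[:off] + cs + msg[off + len(cs):]


def mitm_upgrade_server_hello(msg, wanted):
    """Attacker step 2: the server's DHE_EXPORT choice is shown to the client as a DHE suite."""
    off, suite = server_hello_suite(msg)
    if suite in DHE_EXPORT_SUITES:
        return msg[:off] + struct.pack(">H", wanted) + msg[off + 2:]
    return msg


def build_server_key_exchange_dh(p, g, ys):
    """ServerDHParams {dh_p, dh_g, dh_Ys} as opaque<1..2^16-1>; signature omitted in this fixture."""
    def opaque16(n):
        b = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack(">H", len(b)) + b
    return _handshake(12, opaque16(p) + opaque16(g) + opaque16(ys))


def dh_prime_bits(ske):
    n = struct.unpack(">H", ske[4:6])[0]
    return int.from_bytes(ske[6:6 + n], "big").bit_length()


def client_accepts_dh(ske, min_bits=MIN_DH_BITS):
    """The patched clients' check: refuse DH groups below the minimum, whatever the suite says."""
    return dh_prime_bits(ske) >= min_bits


def run_downgrade():
    """Constructed scenario: server has DHE_EXPORT enabled, client does not offer it."""
    server_enabled = {TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                      TLS_RSA_WITH_AES_128_CBC_SHA}
    ch = build_client_hello([TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
                             TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA])
    server_suite = server_select(parse_client_hello(mitm_downgrade_client_hello(ch))[1], server_enabled)
    sh_seen_by_client = mitm_upgrade_server_hello(build_server_hello(server_suite),
                                                  TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
    ske = build_server_key_exchange_dh(EXPORT_P, 2, 0x1234)   # forwarded unchanged by the attacker
    return {"server_suite": server_suite,
            "client_suite": server_hello_suite(sh_seen_by_client)[1],
            "dh_bits": dh_prime_bits(ske),
            "accepted_by_patched_client": client_accepts_dh(ske),
            "accepted_by_unpatched_client": client_accepts_dh(ske, min_bits=0)}


if __name__ == "__main__":
    print(run_downgrade())
```

The transcripts the two ends hash into their Finished messages differ after this rewrite, so the attacker must recover the 512-bit DH shared secret (the precomputation-assisted discrete log at the heart of Logjam) to forge both Finished messages; the `MIN_DH_BITS` check is what lets the client abort before that matters. 768 bits is the floor the USNs above chose for compatibility; a current deployment should treat 2048 bits as the minimum.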
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [7u79-2.5.6-0ubuntu1.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):released (7u79-2.5.6-0ubuntu1.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [6b36-1.13.8-0ubuntu1~12.04])
Ubuntu 14.04 LTS (Trusty Tahr):released (6b36-1.13.8-0ubuntu1~14.04)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (8u66-b17-1)
Ubuntu 17.10 (Artful Aardvark):not-affected (8u66-b17-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (8u66-b17-1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (8u66-b17-1)
Package
Upstream:released (39.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [39.0+build5-0ubuntu0.12.04.2])
Ubuntu 14.04 LTS (Trusty Tahr):released (39.0+build5-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (39.0+build5-0ubuntu1)
Ubuntu 17.10 (Artful Aardvark):released (39.0+build5-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (39.0+build5-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (39.0+build5-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Package
Priority: Low
Upstream:released (31.8)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was released [1:31.8.0+build1-0ubuntu0.12.04.1])
Ubuntu 14.04 LTS (Trusty Tahr):released (1:31.8.0+build1-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (1:31.8.0+build1-0ubuntu1)
Ubuntu 17.10 (Artful Aardvark):released (1:31.8.0+build1-0ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (1:31.8.0+build1-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1:31.8.0+build1-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.0.1-4ubuntu5.28)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1f-1ubuntu2.12)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.0.2a-1ubuntu1)
Ubuntu 17.10 (Artful Aardvark):not-affected (1.0.2a-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.0.2a-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1.0.2a-1ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.2.22-1ubuntu1.9)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2.4.7-1ubuntu4.4)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Package
Source: nss (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (3.19.2-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.19.2-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:3.19.2-1ubuntu1)
Ubuntu 17.10 (Artful Aardvark):released (2:3.19.2-1ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver):released (2:3.19.2-1ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2:3.19.2-1ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
More Information

Updated: 2018-06-26 04:05:38 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)