While OpenSSL does need to be updated, it requires a protocol change to fix properly. At this time, Ubuntu is waiting on the protocol changes discussed by the IETF to be formalized before patching OpenSSL. In the meantime, since there are known attacks against the HTTPS protocol, Apache was updated to disallow client-initiated TLS renegotiations in http://www.ubuntu.com/usn/USN-860-1.

** Changed in: openssl (Ubuntu)
       Status: New => Confirmed

--
CVE-2009-3555 OpenSSL need to be updated to close TLS MITM attack
https://bugs.launchpad.net/bugs/484417
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs