** Description changed: - This issue is present in Trusty and Precise with the stock main gnutls - - https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites- - tls - - If I switch cups to use gnutls28-dev on 14.04 the issue appears to go - away according to ssllabs. My test case is cups with SSL on. - - Reproduction Steps: - launch a new trusty VM - sudo apt-get install cups - Open /etc/cups/cupsd.conf and change just this one section - ... - # Only listen for connections from the local machine. - #Listen localhost:631 - Listen /var/run/cups/cups.sock - - SSLPort 443 - SSLOptions None - ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com - ... - Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/ + [Impact] + Gnutls is affected by the Poodle TLS exploit https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls - [1] http://pastebin.ubuntu.com/12970857/ + [Test Case] + launch a new trusty VM + sudo apt-get install cups + Open /etc/cups/cupsd.conf and change just this one section + ... + # Only listen for connections from the local machine. + #Listen localhost:631 + Listen /var/run/cups/cups.sock + + SSLPort 443 + SSLOptions None + ServerAlias 127.35.213.162.lcy-02.canonistack.canonical.com + ... + Restart cups and then run the ssllabs test - https://www.ssllabs.com/ssltest/ + + [Regression Potential] + This is a simple off by one error, that's fixed in all newer versions of gnutls.
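Review bot: The added [Test Case] stops at "run the ssllabs test" and never states the expected result, so whoever verifies the update cannot tell a pass from a fail. State what the ssllabs report shows for the POODLE (TLS) check before the fixed package is installed and what it should show afterwards. The removed note that switching cups to gnutls28-dev on 14.04 makes the issue go away is the only evidence on the page for "fixed in all newer versions of gnutls", so keep it, for instance under [Impact]. The [Regression Potential] text describes the kind of fix ("a simple off by one error") rather than what might break. Say which behaviour testers should watch after the update.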
https://bugs.launchpad.net/bugs/1510163

Title: Poodle TLS1.0 issue in Trusty (and Precise)