** Tags removed: verification-needed
** Tags added: verification-done
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1187195
Title:
OpenSSL site-wide compression disable tracking bug
To manage notif
This bug was fixed in the package openssl - 1.0.1c-4ubuntu8.1
---
openssl (1.0.1c-4ubuntu8.1) raring-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disa
This bug was fixed in the package openssl - 1.0.1c-3ubuntu2.5
---
openssl (1.0.1c-3ubuntu2.5) quantal-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: dis
This bug was fixed in the package openssl - 0.9.8k-7ubuntu8.15
---
openssl (0.9.8k-7ubuntu8.15) lucid-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: dis
This bug was fixed in the package openssl - 1.0.1-4ubuntu5.10
---
openssl (1.0.1-4ubuntu5.10) precise-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: dis
Theodotos, thanks for the feedback. Please also let us know if you need
to set the environment variable for any services, I'd really like to
know if there are any services that require compression.
--
False alarm. I updated openssl but not libssl. Works now. Thanks Simon!
--
OK I enabled the proposed repo and now I got the updated version:
# aptitude show openssl | grep -i version
Version: 1.0.1-4ubuntu5.10
But running TestSSLServer against my dovecot pop3s (port 995) I still
get that the system is vulnerable to CRIME.
Compression is supposed to be disabled by defaul
@Theodotos, there is a package on its way for Precise
(http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_1.0.1-4ubuntu5.10/changelog).
You can deploy it now by enabling the precise-proposed repo but it
should hit the regular repos soonish as it was published on June 3rd.
--
Guys I have also failed the PCI test on my SSL enabled postfix and
dovecot.
I run TestSSLServer and it says:
CRIME status: vulnerable
I am using Ubuntu 12.04.2 LTS (precise) 64 bit and my openssl version is
1.0.1-4ubuntu5.9.
Is this backported to precise? What is the easiest way to be protected
This bug was fixed in the package openssl - 1.0.1e-2ubuntu1.1
---
openssl (1.0.1e-2ubuntu1.1) saucy-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disab
To ubuntu-sru: if this passes the verification process, please ping the
security team (sarnold). Thanks!
--
To test this modification, I extended the Ubuntu Security Team's QRT
testcase for OpenSSL to run through the entire test suite twice -- once
with compression enabled, once with compression disabled, and verify
that compression has been enabled or disabled where appropriate. These
modifications can
Pocket copied openssl to proposed.
Please test and give feedback here. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.
Thank you in advance!
** Tags added: verification-needed
** Changed in: openssl (Ubuntu Saucy)
Status: New => Fi
** Also affects: openssl (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Saucy)
Importance: Undecided
Status: New
** Also affects: openssl (Ubuntu Quantal)