Launchpad.net

CVE 2014-3566

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Related bugs and status

CVE-2014-3566 (Candidate) is related to these bugs:

Bug #1381484: Fails to connect to servers that disable SSLv3

		In	Importance	Status
1381484	Fails to connect to servers that disable SSLv3	xchat-gnome (Ubuntu)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat-gnome (Ubuntu Precise)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat-gnome (Ubuntu Trusty)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat-gnome (Ubuntu Utopic)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	XChat-GNOME	Medium	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat (Ubuntu)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat (Ubuntu Precise)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat (Ubuntu Trusty)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat (Ubuntu Utopic)	Undecided	Fix Released
1381484	Fails to connect to servers that disable SSLv3	xchat-gnome (Debian)	Unknown	Fix Released

Bug #1381537: Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix

		In	Importance	Status
1381537	Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix	dovecot (Ubuntu)	Undecided	Fix Released
1381537	Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix	dovecot (Ubuntu Precise)	Undecided	Fix Released
1381537	Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix	dovecot (Ubuntu Utopic)	Undecided	Fix Released
1381537	Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix	dovecot (Ubuntu Vivid)	Undecided	Fix Released
1381537	Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix	dovecot (Ubuntu Lucid)	Undecided	Won't Fix
1381537	Dovecot version in precise too old to switch off SSLv3 protocol for "poodle" fix	dovecot (Ubuntu Trusty)	Undecided	Fix Released

Bug #1381790: Upgrade to OpenSSL 1.0.1j to mitigate POODLE and other issues

Summary				In	Importance	Status
	1381790	Upgrade to OpenSSL 1.0.1j to mitigate POODLE and other issues		openssl (Ubuntu)	Undecided	Fix Released

Bug #1381840: Wrapper doesn't include TLSCipherSuite

Summary				In	Importance	Status
	1381840	Wrapper doesn't include TLSCipherSuite		pure-ftpd (Ubuntu)	Medium	Fix Released

Bug #1381910: Workaround for CVE-2014-3566 (POODLE) required

Summary				In	Importance	Status
	1381910	Workaround for CVE-2014-3566 (POODLE) required		lighttpd (Ubuntu)	Medium	Fix Released

Bug #1382205: JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10

		In	Importance	Status
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-6 (Ubuntu)	High	Confirmed
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-6 (Ubuntu Utopic)	High	Won't Fix
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-6 (Ubuntu Precise)	High	Won't Fix
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-6 (Ubuntu Trusty)	High	Confirmed
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-7 (Ubuntu)	High	Fix Released
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-7 (Ubuntu Precise)	High	Fix Released
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-7 (Ubuntu Trusty)	High	Fix Released
1382205	JamVM in 6b33-1.13.5-1ubuntu* fails testsuite on 12.04, 14.04 and 14.10	openjdk-7 (Ubuntu Utopic)	High	Fix Released

Bug #1382277: Mitigate SSL vulnerability in Apache - CVE-2014-3566

Summary				In	Importance	Status
	1382277	Mitigate SSL vulnerability in Apache - CVE-2014-3566		Trafodion	Critical	Fix Released

Bug #1389264: ZNC SSL listeners are vulnerable to POODLE.

		In	Importance	Status
1389264	ZNC SSL listeners are vulnerable to POODLE.	znc (Ubuntu)	Medium	Fix Released
1389264	ZNC SSL listeners are vulnerable to POODLE.	znc (Ubuntu Precise)	Medium	Won't Fix
1389264	ZNC SSL listeners are vulnerable to POODLE.	znc (Ubuntu Trusty)	Medium	Confirmed
1389264	ZNC SSL listeners are vulnerable to POODLE.	znc (Ubuntu Utopic)	Medium	Won't Fix
1389264	ZNC SSL listeners are vulnerable to POODLE.	znc (Ubuntu Vivid)	Medium	Fix Released

Bug #1505328: Cups SSL is vulnerable to POODLE

Summary				In	Importance	Status
	1505328	Cups SSL is vulnerable to POODLE		cups (Ubuntu)	High	Fix Released
	1505328	Cups SSL is vulnerable to POODLE		cups (Ubuntu Trusty)	High	Fix Released

Bug #1811531: remote execution vulnerability

		In	Importance	Status
1811531	remote execution vulnerability	zeromq3 (Ubuntu)	Undecided	Fix Released
1811531	remote execution vulnerability	zeromq3 (Debian)	Unknown	Fix Released
1811531	remote execution vulnerability	zeromq (Suse)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3566

Related bugs and status

Related bugs

References