Oval Definition:	oval:com.ubuntu.trusty:def:20154000000
Revision Date: 2015-05-20 Version: 1 Title: CVE-2015-4000 on Ubuntu 14.04 LTS (trusty) - medium. Description: The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. Family: unix Class: vulnerability Status: Reference(s): CVE-2015-4000 Platform(s): Ubuntu 14.04 LTS Product(s): Definition Synopsis Ubuntu 14.04 LTS (trusty) is installed. AND Package Information NOT While related to the CVE in some way, the 'apache2' package in trusty is not affected (note: '2.4.7-1ubuntu4.4'). OR The 'firefox' package in trusty was vulnerable but has been fixed (note: '39.0+build5-0ubuntu0.14.04.1'). OR NOT While related to the CVE in some way, the 'gnutls26' package in trusty is not affected. OR NOT While related to the CVE in some way, the 'gnutls28' package in trusty is not affected. OR The 'nss' package in trusty was vulnerable but has been fixed (note: '2:3.19.2-0ubuntu0.14.04.1'). OR The 'openjdk-6' package in trusty was vulnerable but has been fixed (note: '6b36-1.13.8-0ubuntu1~14.04'). OR The 'openjdk-7' package in trusty was vulnerable but has been fixed (note: '7u79-2.5.6-0ubuntu1.14.04.1'). OR The 'openssl' package in trusty was vulnerable but has been fixed (note: '1.0.1f-1ubuntu2.12'). OR The 'openssl098' package in trusty is affected and needs fixing. OR The 'thunderbird' package in trusty was vulnerable but has been fixed (note: '1:31.8.0+build1-0ubuntu0.14.04.1').
BACK