Univention Bugzilla – Bug 37494
openssl: Multiple issues (4.0)
Last modified: 2015-03-05 07:13:17 CET
Denial of service in DTLS (2014-3571, CVE-2015-0206)
ECDHE can be downgraded to ECDH, resulting in a loss of forward secrecy (CVE-2014-3572)
Weaker RSA keys can be negotiated (CVE-2015-0204)
AFAICS these can only be exploited by a malicious server.
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message (CVE-2015-0205)
Certificate fingerprints can be modified (CVE-2014-8275)
Bignum squaring may produce incorrect results (CVE-2014-3570)
Update has been built, tests and test suite were fine. I've also tested the ucs-test modules base, samba and ldap, which were also fine. YAML file: 2015-01-12-openssl.yaml
Tests: OK Advisory: OK
http://errata.univention.de/ucs/4.0/26.html
(In reply to Moritz Muehlenhoff from comment #3)
http://errata.univention.de/ucs/4.0/27.html actually