[Bug 1469653] [NEW] CVE-2014-0224 not fixed for python-openssl based servers
Rob Meijer
1469653 at bugs.launchpad.net
Mon Jun 29 09:19:34 UTC 2015
Public bug reported:
When creating a minimal https based server in python using 'from OpenSSL
import SSL' on a fully patched Ubuntu 14.04 system, the OpenSSL bug as
reported in CVE-2014-0224 seems to persist for that server. A C++
implementation with the same functionality on the same system does not
show such issues so it would appear that its specific to python-openssl
.
The existence of this bug can be validated by running a simple python
based https server that uses the Python OpenSSL module on a public IP
adress and using the web form as provided on
https://www.ssllabs.com/ssltest/
** Affects: pyopenssl (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pyopenssl in Ubuntu.
https://bugs.launchpad.net/bugs/1469653
Title:
CVE-2014-0224 not fixed for python-openssl based servers
Status in pyopenssl package in Ubuntu:
New
Bug description:
When creating a minimal https based server in python using 'from
OpenSSL import SSL' on a fully patched Ubuntu 14.04 system, the
OpenSSL bug as reported in CVE-2014-0224 seems to persist for that
server. A C++ implementation with the same functionality on the same
system does not show such issues so it would appear that its specific
to python-openssl .
The existence of this bug can be validated by running a simple python
based https server that uses the Python OpenSSL module on a public IP
adress and using the web form as provided on
https://www.ssllabs.com/ssltest/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions
More information about the foundations-bugs
mailing list