Bugzilla – Bug 937202
VUL-1: haproxy: The Logjam Attack / weakdh.org
Last modified: 2017-03-02 14:08:43 UTC
+++ This bug was initially created as a clone of Bug #931600 +++ Tracker Bug: "The Logjam Attack" It came to our attention that there seams to be a flaw in the TLS protocol, so that connections can be tricked into using weak encryption. Published information can be found at the following website: https://weakdh.org/ ================================== haproxy swapped the standard DH groups with locally generated ones: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=2ad3ec1ab5379a16b16aba48a42ced27b170534e Please include this in the submission for bug 937042.
bugbot adjusting priority
SUSE-SU-2015:1663-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 937042,937202 CVE References: CVE-2015-3281,CVE-2015-4000 Sources used: SUSE OpenStack Cloud Compute 5 (src): haproxy-1.5.4-2.4.1 SUSE Linux Enterprise High Availability 12 (src): haproxy-1.5.4-2.4.1
SUSE-SU-2015:1776-1: An update that solves one vulnerability and has two fixes is now available. Category: security (moderate) Bug References: 937042,937202,947204 CVE References: CVE-2015-3281 Sources used: SUSE OpenStack Cloud 5 (src): haproxy-1.5.4-12.1
This is an autogenerated message for OBS integration: This bug (937202) was mentioned in https://build.opensuse.org/request/show/339915 13.2 / haproxy
openSUSE-SU-2015:1831-1: An update that solves one vulnerability and has one errata is now available. Category: security (important) Bug References: 937042,937202 CVE References: CVE-2015-3281 Sources used: openSUSE 13.2 (src): haproxy-1.5.5-3.1
released