Bug 934934 - (CVE-2015-3230) VUL-0: CVE-2015-3230: 389-ds: nsSSL3Ciphers preference not enforced server side (regression)
(CVE-2015-3230)
VUL-0: CVE-2015-3230: 389-ds: nsSSL3Ciphers preference not enforced server si...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Aeneas Jaißle
E-mail List
https://smash.suse.de/issue/117744/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-06-16 13:34 UTC by Andreas Stieger
Modified: 2015-10-20 09:25 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-06-16 13:34:21 UTC
Via RH..

nsSSL3Ciphers preference not enforced server side

https://fedorahosted.org/389/changeset/53c9c4e84e3bcbc40de87b1e7cf7634d14599e1c/

> Description: The fix for ticket 47838 accidentally changed the timing
> of setting default cipher preferences and creating a sslSocket which
> broke setting the default preferences to each sslSocket.

References:
https://fedorahosted.org/389/ticket/48194
https://fedorahosted.org/389/ticket/47838
https://bugzilla.redhat.com/show_bug.cgi?id=1232096
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3230
Comment 1 Swamp Workflow Management 2015-06-16 22:00:42 UTC
bugbot adjusting priority
Comment 2 Aeneas Jaißle 2015-06-17 10:11:44 UTC
SR to devel project:
https://build.opensuse.org/request/show/312407
Comment 3 Bernhard Wiedemann 2015-06-17 11:00:08 UTC
This is an autogenerated message for OBS integration:
This bug (934934) was mentioned in
https://build.opensuse.org/request/show/312408 Factory / 389-ds
Comment 4 Marcus Meissner 2015-06-18 07:13:20 UTC
submission to factory -> fixed