CVE-2014-3566

Name	CVE-2014-3566
Description	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-157-1, DLA-282-1, DLA-400-1, DSA-3092-1, DSA-3144-1, DSA-3147-1, DSA-3253-1, DSA-3489-1
Debian Bugs	765539, 765702, 765928, 768164, 769904, 769905, 771359

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
bouncycastle (PTS)	bullseye	1.68-2	fixed
	bookworm	1.72-2	fixed
	sid, trixie	1.77-1	fixed
epiphany-browser (PTS)	bullseye (security), bullseye	3.38.2-1+deb11u3	vulnerable
	bookworm	43.1-1	vulnerable
	sid, trixie	46.2-1	vulnerable
erlang (PTS)	bullseye	1:23.2.6+dfsg-1+deb11u1	fixed
	bookworm	1:25.2.3+dfsg-1	fixed
	sid, trixie	1:25.3.2.12+dfsg-1	fixed
gnutls28 (PTS)	bullseye	3.7.1-5+deb11u5	fixed
	bullseye (security)	3.7.1-5+deb11u3	fixed
	bookworm	3.7.9-2+deb12u3	fixed
	sid, trixie	3.8.6-2	fixed
haskell-tls (PTS)	bullseye	1.5.4-1	fixed
	bookworm	1.5.8-1	fixed
	sid, trixie	1.6.0-1	fixed
lighttpd (PTS)	bullseye (security), bullseye	1.4.59-1+deb11u2	fixed
	bookworm	1.4.69-1	fixed
	sid, trixie	1.4.76-1	fixed
midori (PTS)	bullseye	7.0-2.1	vulnerable
netsurf (PTS)	bookworm, bullseye	3.10-1	fixed
	sid, trixie	3.11-2	fixed
nss (PTS)	bullseye (security), bullseye	2:3.61-1+deb11u3	fixed
	bookworm	2:3.87.1-1	fixed
	sid, trixie	2:3.102-1	fixed
openjdk-8 (PTS)	sid	8u422-b05-1	fixed
openssl (PTS)	bullseye	1.1.1w-0+deb11u1	fixed
	bullseye (security)	1.1.1n-0+deb11u5	fixed
	bookworm	3.0.13-1~deb12u1	fixed
	bookworm (security)	3.0.11-1~deb12u2	fixed
	sid, trixie	3.2.2-1	fixed
pound (PTS)	bullseye	3.0-2	fixed
surf (PTS)	bullseye	2.0+git20201107-2	vulnerable
	bookworm	2.1+git20221016-4	vulnerable
	sid, trixie	2.1+git20221016-6	vulnerable
wolfssl (PTS)	bullseye	4.6.0+p1-0+deb11u2	fixed
	bookworm	5.5.4-2+deb12u1	fixed
	sid, trixie	5.7.0-0.3	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
arora	source	(unstable)	(unfixed)	unimportant
bouncycastle	source	(unstable)	(not affected)
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	wheezy	(unfixed)	end-of-life
chromium-browser	source	(unstable)	39.0.2171.71-1			765928
conkeror	source	(unstable)	(unfixed)	unimportant
cyassl	source	(unstable)	(unfixed)			769905
dwb	source	(unstable)	(unfixed)	unimportant
epiphany-browser	source	(unstable)	(unfixed)	unimportant
erlang	source	(unstable)	1:17.3-dfsg-3			771359
galeon	source	(unstable)	(unfixed)	unimportant
gnutls26	source	(unstable)	(unfixed)
gnutls28	source	(unstable)	3.3.8-5			769904
haskell-tls	source	(unstable)	1.2.9-2			768164
icedove	source	squeeze	(unfixed)	end-of-life
icedove	source	wheezy	31.3.0-1~deb7u1		DSA-3092-1
icedove	source	(unstable)	31.3.0-1
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	(unstable)	31.2.0esr-2
kazehakase	source	(unstable)	(unfixed)	unimportant
kde-baseapps	source	(unstable)	(unfixed)	unimportant
kdebase	source	(unstable)	(unfixed)	unimportant
lighttpd	source	squeeze	1.4.28-2+squeeze1.7		DLA-282-1
lighttpd	source	wheezy	1.4.31-4+deb7u4		DSA-3489-1
lighttpd	source	(unstable)	1.4.35-4			765702
matrixssl	source	(unstable)	(unfixed)	low
midori	source	(unstable)	(unfixed)	unimportant
netsurf	source	(unstable)	3.6-1	unimportant
nss	source	(unstable)	2:3.17.1-1
openjdk-6	source	squeeze	6b34-1.13.6-1~deb6u1		DLA-157-1
openjdk-6	source	wheezy	6b34-1.13.6-1~deb7u1		DSA-3147-1
openjdk-6	source	(unstable)	6b34-1.13.6-1
openjdk-7	source	wheezy	7u75-2.5.4-1~deb7u1		DSA-3144-1
openjdk-7	source	(unstable)	7u75-2.5.4-1
openjdk-8	source	(unstable)	8u40~b04-1
openssl	source	(unstable)	1.0.1j-1
polarssl	source	(unstable)	1.3.9-2
pound	source	squeeze	2.6-1+deb6u1		DLA-400-1
pound	source	wheezy	2.6-2+deb7u1		DSA-3253-1
pound	source	jessie	2.6-6+deb8u1		DSA-3253-1
pound	source	(unstable)	2.6-6			765539
surf	source	(unstable)	(unfixed)	unimportant
tlslite	source	(unstable)	(unfixed)
uzbl	source	(unstable)	(unfixed)	unimportant
wolfssl	source	(unstable)	3.4.8+dfsg-1

Notes

- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
wolfssl actually fixed with the initial upload to unstable after the rename
[wheezy] - openssl <no-dsa> (Will be addressed through a point update, #774299)
[squeeze] - openssl <no-dsa> (Change considered too risky)
[squeeze] - gnutls26 <no-dsa> (Minor issue)
[wheezy] - gnutls26 <no-dsa> (Minor issue)
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[squeeze] - polarssl <no-dsa> (Minor issue)
[wheezy] - polarssl <no-dsa> (Minor issue)
[squeeze] - pound <no-dsa> (Minor issue)
[wheezy] - tlslite <no-dsa> (Minor issue)
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - erlang <no-dsa> (Minor issue)
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
Fix is to disable SSLv3 in library or application configurations
Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support