CVE-2014-3566

NameCVE-2014-3566
DescriptionThe SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-157-1, DLA-282-1, DLA-400-1, DSA-3092-1, DSA-3144-1, DSA-3147-1, DSA-3253-1, DSA-3489-1
NVD severitymedium
Debian Bugs765539, 765702, 765928, 768164, 769904, 769905, 771359

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
arora (PTS)sid, jessie0.11.0+qt5+git2014-04-06-1vulnerable
bouncycastle (PTS)jessie1.49+dfsg-3+deb8u2fixed
jessie (security)1.49+dfsg-3+deb8u3fixed
stretch (security), stretch1.56-1+deb9u2fixed
buster1.60-1fixed
bullseye, sid1.61-1fixed
chromium-browser (PTS)jessie (security), jessie57.0.2987.98-1~deb8u1fixed
stretch70.0.3538.110-1~deb9u1fixed
stretch (security)71.0.3578.80-1~deb9u1fixed
conkeror (PTS)jessie1.0~~pre-1+git141025-1+deb8u2vulnerable
stretch1.0.3+git170123-1vulnerable
dwb (PTS)jessie20140702hg-2vulnerable
epiphany-browser (PTS)jessie3.14.1-1vulnerable
stretch3.22.7-1vulnerable
buster3.32.1.2-3~deb10u1vulnerable
bullseye, sid3.34.1-1vulnerable
erlang (PTS)jessie (security), jessie1:17.3-dfsg-4+deb8u2fixed
stretch1:19.2.1+dfsg-2+deb9u2fixed
stretch (security)1:19.2.1+dfsg-2+deb9u1fixed
buster1:21.2.6+dfsg-1fixed
bullseye, sid1:22.1.8+dfsg-1fixed
gnutls28 (PTS)jessie3.3.8-6+deb8u7fixed
jessie (security)3.3.30-0+deb8u1fixed
stretch3.5.8-5+deb9u4fixed
stretch (security)3.5.8-5+deb9u1fixed
buster3.6.7-4fixed
bullseye, sid3.6.10-5fixed
haskell-tls (PTS)jessie1.2.9-2fixed
stretch1.3.8-3fixed
bullseye, sid, buster1.4.1-3fixed
icedove (PTS)jessie1:52.3.0-4~deb8u2fixed
kde-baseapps (PTS)jessie4:4.14.2-1vulnerable
stretch4:16.08.3-1vulnerable
lighttpd (PTS)jessie (security), jessie1.4.35-4+deb8u1fixed
stretch1.4.45-1fixed
buster1.4.53-4fixed
bullseye, sid1.4.54-2fixed
midori (PTS)stretch0.5.11-ds1-4vulnerable
bullseye, sid, buster7.0-2vulnerable
netsurf (PTS)jessie3.2+dfsg-2vulnerable
stretch3.6-3.1vulnerable
sid3.6-3.2vulnerable
nss (PTS)jessie2:3.26-1+debu8u3fixed
jessie (security)2:3.26-1+debu8u9fixed
stretch (security), stretch2:3.26.2-1.1+deb9u1fixed
buster2:3.42.1-1+deb10u1fixed
buster (security)2:3.42.1-1+deb10u2fixed
bullseye2:3.45-1fixed
sid2:3.47.1-1fixed
openjdk-7 (PTS)jessie7u181-2.6.14-1~deb8u1fixed
jessie (security)7u241-2.6.20-1~deb8u1fixed
openjdk-8 (PTS)stretch8u222-b10-1~deb9u1fixed
stretch (security)8u232-b09-1~deb9u1fixed
sid8u232-b09-1fixed
openssl (PTS)jessie1.0.1t-1+deb8u8fixed
jessie (security)1.0.1t-1+deb8u12fixed
stretch1.1.0k-1~deb9u1fixed
stretch (security)1.1.0l-1~deb9u1fixed
buster, buster (security)1.1.1d-0+deb10u2fixed
bullseye, sid1.1.1d-2fixed
polarssl (PTS)jessie1.3.9-2.1+deb8u3fixed
jessie (security)1.3.9-2.1+deb8u4fixed
pound (PTS)jessie (security), jessie2.6-6+deb8u1fixed
stretch2.7-1.3+deb9u1fixed
sid2.8-2fixed
surf (PTS)jessie0.6-1vulnerable
stretch0.7-2vulnerable
bullseye, sid, buster2.0+git20181009-4vulnerable
uzbl (PTS)jessie0.0.0~git.20120514-1.1vulnerable
stretch0.0.0~git.20120514-1.2vulnerable
wolfssl (PTS)bullseye, sid4.2.0+dfsg-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
arorasource(unstable)(unfixed)unimportant
bouncycastlesource(unstable)(not affected)
chromium-browsersource(unstable)39.0.2171.71-1765928
chromium-browsersourcesqueeze(unfixed)end-of-life
chromium-browsersourcewheezy(unfixed)end-of-life
conkerorsource(unstable)(unfixed)unimportant
cyasslsource(unstable)(unfixed)769905
dwbsource(unstable)(unfixed)unimportant
epiphany-browsersource(unstable)(unfixed)unimportant
erlangsource(unstable)1:17.3-dfsg-3771359
galeonsource(unstable)(unfixed)unimportant
gnutls26source(unstable)(unfixed)
gnutls28source(unstable)3.3.8-5769904
haskell-tlssource(unstable)1.2.9-2768164
icedovesource(unstable)31.3.0-1
icedovesourcesqueeze(unfixed)end-of-life
icedovesourcewheezy31.3.0-1~deb7u1DSA-3092-1
iceweaselsource(unstable)31.2.0esr-2
iceweaselsourcesqueeze(unfixed)end-of-life
kazehakasesource(unstable)(unfixed)unimportant
kde-baseappssource(unstable)(unfixed)unimportant
kdebasesource(unstable)(unfixed)unimportant
lighttpdsource(unstable)1.4.35-4765702
lighttpdsourcesqueeze1.4.28-2+squeeze1.7DLA-282-1
lighttpdsourcewheezy1.4.31-4+deb7u4DSA-3489-1
matrixsslsource(unstable)(unfixed)low
midorisource(unstable)(unfixed)unimportant
netsurfsource(unstable)(unfixed)unimportant
nsssource(unstable)2:3.17.1-1
openjdk-6source(unstable)6b34-1.13.6-1
openjdk-6sourcesqueeze6b34-1.13.6-1~deb6u1DLA-157-1
openjdk-6sourcewheezy6b34-1.13.6-1~deb7u1DSA-3147-1
openjdk-7source(unstable)7u75-2.5.4-1
openjdk-7sourcewheezy7u75-2.5.4-1~deb7u1DSA-3144-1
openjdk-8source(unstable)8u40~b04-1
opensslsource(unstable)1.0.1j-1
polarsslsource(unstable)1.3.9-2
poundsource(unstable)2.6-6765539
poundsourcejessie2.6-6+deb8u1DSA-3253-1
poundsourcesqueeze2.6-1+deb6u1DLA-400-1
poundsourcewheezy2.6-2+deb7u1DSA-3253-1
surfsource(unstable)(unfixed)unimportant
tlslitesource(unstable)(unfixed)
uzblsource(unstable)(unfixed)unimportant
wolfsslsource(unstable)3.4.8+dfsg-1

Notes

- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
wolfssl actually fixed with the initial upload to unstable after the rename
[wheezy] - openssl <no-dsa> (Will be addressed through a point update, #774299)
[squeeze] - openssl <no-dsa> (Change considered too risky)
[squeeze] - gnutls26 <no-dsa> (Minor issue)
[wheezy] - gnutls26 <no-dsa> (Minor issue)
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[squeeze] - polarssl <no-dsa> (Minor issue)
[wheezy] - polarssl <no-dsa> (Minor issue)
[squeeze] - pound <no-dsa> (Minor issue)
[wheezy] - tlslite <no-dsa> (Minor issue)
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - erlang <no-dsa> (Minor issue)
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
Fix is to disable SSLv3 in library or application configurations
Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support

Search for package or bug name: Reporting problems