[Bug 1469653] Re: CVE-2014-0224 not fixed for python-openssl based servers
Rob Meijer
1469653 at bugs.launchpad.net
Mon Jul 6 09:48:12 UTC 2015
Also please note that the server code Tyler referenced to, as far as I
can determine, imports 'ssl' from the libpython2.7-minimal package.
This bug however seems to relate to the "python-openssl" package.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pyopenssl in Ubuntu.
https://bugs.launchpad.net/bugs/1469653
Title:
CVE-2014-0224 not fixed for python-openssl based servers
Status in pyopenssl package in Ubuntu:
Incomplete
Bug description:
When creating a minimal https based server in python using 'from
OpenSSL import SSL' on a fully patched Ubuntu 14.04 system, the
OpenSSL bug as reported in CVE-2014-0224 seems to persist for that
server. A C++ implementation with the same functionality on the same
system does not show such issues so it would appear that its specific
to python-openssl .
The existence of this bug can be validated by running a simple python
based https server that uses the Python OpenSSL module on a public IP
adress and using the web form as provided on
https://www.ssllabs.com/ssltest/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pyopenssl/+bug/1469653/+subscriptions
More information about the foundations-bugs
mailing list