CVE-2015-2808

Published: 31 March 2015

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

Notes

Author: tyhicks
Note: This is an RC4 protocol flaw and it is not specific to an Ubuntu package

Priority

Medium

Status

Package    Release   Status
openjdk-6  precise   Released (6b36-1.13.8-0ubuntu1~12.04)
openjdk-6  trusty    Released (6b36-1.13.8-0ubuntu1~14.04)
openjdk-6  upstream  Needs triage
openjdk-6  utopic    Ignored (end of life)
openjdk-6  vivid     Released (6b36-1.13.8-0ubuntu1~15.04.1)
openjdk-6  wily      Not vulnerable (6b36-1.13.8-0ubuntu1)

openjdk-8  precise   Does not exist
openjdk-8  trusty    Does not exist
openjdk-8  upstream  Needs triage
openjdk-8  utopic    Ignored (end of life)
openjdk-8  vivid     Ignored (end of life)
openjdk-8  wily      Released (8u66-b17-1)

openjdk-7  vivid     Released (7u79-2.5.6-0ubuntu1.15.04.1)
openjdk-7  precise   Released (7u79-2.5.6-0ubuntu1.12.04.1)
openjdk-7  trusty    Released (7u79-2.5.6-0ubuntu1.14.04.1)
openjdk-7  upstream  Needs triage
openjdk-7  utopic    Ignored (end of life)
openjdk-7  wily      Not vulnerable (7u79-2.5.6-1)