UBUNTU-CVE-2015-2808

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2015-2808

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-2808.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-2808

Upstream

CVE-2015-2808

Downstream

USN-2696-1

Related

USN-2696-1
USN-2706-1

Published

2015-03-31T00:00:00Z

Modified

2026-02-04T04:20:41.247609Z

Severity

Ubuntu - medium

Summary

[none]

Details

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

References

Affected packages

Ubuntu:14.04:LTS / openjdk-6

Package

Name: openjdk-6
Purl: pkg:deb/ubuntu/openjdk-6@6b36-1.13.8-0ubuntu1~14.04?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6b36-1.13.8-0ubuntu1~14.04

Affected versions

6b27-1.*

6b27-1.12.6-1ubuntu2

6b27-1.12.7-2ubuntu1

6b29-1.*

6b29-1.13.0-1ubuntu2

6b30-1.*

6b30-1.13.1-1ubuntu1

6b30-1.13.1-1ubuntu2

6b30-1.13.2-1ubuntu1

6b31-1.*

6b31-1.13.3-1ubuntu1

6b32-1.*

6b32-1.13.4-4ubuntu0.14.04.1

6b33-1.*

6b33-1.13.5-1ubuntu0.14.04

6b34-1.*

6b34-1.13.6-1ubuntu0.14.04.1

6b35-1.*

6b35-1.13.7-1ubuntu0.14.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "icedtea-6-jre-cacao"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "icedtea-6-jre-jamvm"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-demo"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-jdk"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-jre"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-jre-headless"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-jre-lib"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-jre-zero"
        },
        {
            "binary_version": "6b36-1.13.8-0ubuntu1~14.04",
            "binary_name": "openjdk-6-source"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-2808.json"

Ubuntu:14.04:LTS / openjdk-7

Package

Name: openjdk-7
Purl: pkg:deb/ubuntu/openjdk-7@7u79-2.5.6-0ubuntu1.14.04.1?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7u79-2.5.6-0ubuntu1.14.04.1

Affected versions

7u25-2.*

7u25-2.3.12-4ubuntu3

7u25-2.3.12-4ubuntu5

7u45-2.*

7u45-2.4.3-3ubuntu1

7u45-2.4.3-3ubuntu2

7u45-2.4.3-4ubuntu1

7u45-2.4.3-4ubuntu2

7u51-2.*

7u51-2.4.4-1ubuntu1

7u51-2.4.5-1ubuntu1

7u51-2.4.6~pre1-1ubuntu2

7u51-2.4.6-1ubuntu3

7u51-2.4.6-1ubuntu4

7u55-2.*

7u55-2.4.7-1ubuntu1

7u65-2.*

7u65-2.5.1-4ubuntu1~0.14.04.1

7u65-2.5.1-4ubuntu1~0.14.04.2

7u65-2.5.2-3~14.04

7u71-2.*

7u71-2.5.3-0ubuntu0.14.04.1

7u75-2.*

7u75-2.5.4-1~trusty1

7u79-2.*

7u79-2.5.5-0ubuntu0.14.04.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "icedtea-7-jre-jamvm"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-demo"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-jdk"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-jre"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-jre-headless"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-jre-lib"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-jre-zero"
        },
        {
            "binary_version": "7u79-2.5.6-0ubuntu1.14.04.1",
            "binary_name": "openjdk-7-source"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-2808.json"