Page 1 of 1

Logjam SSL Vulnerability in Ubuntu 14.04 LTS and older

PostPosted: Sat Jun 13, 2015 8:29 pm
by ryanvade
I have noticed that Ubuntu 14.04 LTS is vulnerable to the Logjam vulnerability. The main reason for this is the NSS library it is using (3.18). A fix has been releases for NSS 3.19. To test your web browser go to https://weakdh.org/
To find out what version of NSS you are using, open firefox and go to about:support and search for NSS.

Ubuntu 15.10 has the patched version of NSS. I have seen no indication that NSS 3.19.1 will be backported to 14.04 or 15.04. Manually upgrading causes dependency issues.

For more information:
https://developer.mozilla.org/en-US/doc ... ojects/NSS

Re: Logjam SSL Vulnerability in Ubuntu 14.04 LTS and older

PostPosted: Mon Sep 12, 2016 3:45 pm
by swarfendor437
Yet another item of news I have missed - thanks ryanvade for sharing this information and bringing it to the community attention. <BREW>