CVE-2014-3566

Name	CVE-2014-3566
Description	The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-157-1, DLA-282-1, DLA-400-1, DSA-3092-1, DSA-3144-1, DSA-3147-1, DSA-3253-1, DSA-3489-1
Debian Bugs	765539, 765702, 765928, 768164, 769904, 769905, 771359

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
arora (PTS)	jessie	0.11.0+qt5+git2014-04-06-1	vulnerable
bouncycastle (PTS)	jessie, jessie (lts)	1.49+dfsg-3+deb8u3	fixed
	stretch (security)	1.56-1+deb9u3	fixed
	stretch (lts), stretch	1.56-1+deb9u4	fixed
	buster (security), buster, buster (lts)	1.60-1+deb10u1	fixed
	bullseye	1.68-2	fixed
	bookworm	1.72-2	fixed
	sid, trixie	1.77-1	fixed
chromium-browser (PTS)	jessie, jessie (lts)	57.0.2987.98-1~deb8u1	fixed
	stretch (security), stretch (lts), stretch	71.0.3578.80-1~deb9u1	fixed
conkeror (PTS)	jessie	1.0~~pre-1+git141025-1+deb8u2	vulnerable
	stretch	1.0.3+git170123-1	vulnerable
dwb (PTS)	jessie	20140702hg-2	vulnerable
epiphany-browser (PTS)	jessie	3.14.1-1	vulnerable
	stretch	3.22.7-1	vulnerable
	buster (security), buster, buster (lts)	3.32.1.2-3~deb10u3	vulnerable
	bullseye (security), bullseye	3.38.2-1+deb11u3	vulnerable
	bookworm	43.1-1	vulnerable
	sid, trixie	47.0-1	vulnerable
erlang (PTS)	jessie, jessie (lts)	1:17.3-dfsg-4+deb8u2	fixed
	stretch (security)	1:19.2.1+dfsg-2+deb9u1	fixed
	stretch (lts), stretch	1:19.2.1+dfsg-2+really23.3.4.18-0+deb9u2	fixed
	buster (security), buster, buster (lts)	1:22.2.7+dfsg-1+deb10u1	fixed
	bullseye	1:23.2.6+dfsg-1+deb11u1	fixed
	bookworm	1:25.2.3+dfsg-1	fixed
	sid, trixie	1:25.3.2.12+dfsg-3	fixed
gnutls28 (PTS)	jessie, jessie (lts)	3.3.30-0+deb8u2	fixed
	stretch (security)	3.5.8-5+deb9u6	fixed
	stretch (lts), stretch	3.5.8-5+deb9u7	fixed
	buster (security), buster, buster (lts)	3.6.7-4+deb10u12	fixed
	bullseye	3.7.1-5+deb11u5	fixed
	bullseye (security)	3.7.1-5+deb11u6	fixed
	bookworm	3.7.9-2+deb12u3	fixed
	sid, trixie	3.8.8-2	fixed
haskell-tls (PTS)	jessie	1.2.9-2	fixed
	stretch	1.3.8-3	fixed
	buster	1.4.1-3	fixed
	bullseye	1.5.4-1	fixed
	bookworm	1.5.8-1	fixed
	sid, trixie	1.8.0-1	fixed
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed
kde-baseapps (PTS)	jessie	4:4.14.2-1	vulnerable
	stretch	4:16.08.3-1	vulnerable
lighttpd (PTS)	jessie, jessie (lts)	1.4.35-4+deb8u1	fixed
	stretch (security), stretch (lts), stretch	1.4.45-1+deb9u1	fixed
	buster (security), buster, buster (lts)	1.4.53-4+deb10u3	fixed
	bullseye (security), bullseye	1.4.59-1+deb11u2	fixed
	bookworm	1.4.69-1	fixed
	sid, trixie	1.4.76-1	fixed
midori (PTS)	stretch	0.5.11-ds1-4	vulnerable
	buster	7.0-2	vulnerable
	bullseye	7.0-2.1	vulnerable
netsurf (PTS)	jessie	3.2+dfsg-2	vulnerable
	stretch	3.6-3.1	fixed
	bullseye, bookworm	3.10-1	fixed
	sid, trixie	3.11-2	fixed
nss (PTS)	jessie, jessie (lts)	2:3.26-1+debu8u19	fixed
	stretch (security)	2:3.26.2-1.1+deb9u5	fixed
	stretch (lts), stretch	2:3.26.2-1.1+deb9u8	fixed
	buster, buster (lts)	2:3.42.1-1+deb10u9	fixed
	buster (security)	2:3.42.1-1+deb10u8	fixed
	bullseye	2:3.61-1+deb11u3	fixed
	bullseye (security)	2:3.61-1+deb11u4	fixed
	bookworm	2:3.87.1-1	fixed
	bookworm (security)	2:3.87.1-1+deb12u1	fixed
	trixie	2:3.105-2	fixed
	sid	2:3.106-1	fixed
openjdk-7 (PTS)	jessie, jessie (lts)	7u321-2.6.28-0+deb8u1	fixed
openjdk-8 (PTS)	jessie, jessie (lts)	8u432-b06-2~deb8u1	fixed
	stretch (security)	8u332-ga-1~deb9u1	fixed
	stretch (lts), stretch	8u432-b06-2~deb9u1	fixed
	sid	8u432-b06-2	fixed
openssl (PTS)	jessie, jessie (lts)	1.0.1t-1+deb8u21	fixed
	stretch (security)	1.1.0l-1~deb9u6	fixed
	stretch (lts), stretch	1.1.0l-1~deb9u9	fixed
	buster (security), buster, buster (lts)	1.1.1n-0+deb10u6	fixed
	bullseye	1.1.1w-0+deb11u1	fixed
	bullseye (security)	1.1.1w-0+deb11u2	fixed
	bookworm	3.0.15-1~deb12u1	fixed
	bookworm (security)	3.0.14-1~deb12u2	fixed
	sid, trixie	3.3.2-2	fixed
polarssl (PTS)	jessie, jessie (lts)	1.3.9-2.1+deb8u4	fixed
pound (PTS)	jessie, jessie (lts)	2.6-6+deb8u3	fixed
	stretch	2.7-1.3+deb9u1	fixed
	bullseye	3.0-2	fixed
	sid, trixie	4.15-1	fixed
surf (PTS)	jessie	0.6-1	vulnerable
	stretch	0.7-2	vulnerable
	buster	2.0+git20181009-4	vulnerable
	bullseye	2.0+git20201107-2	vulnerable
	bookworm	2.1+git20221016-4	vulnerable
	sid, trixie	2.1+git20240324-1	vulnerable
uzbl (PTS)	jessie	0.0.0~git.20120514-1.1	vulnerable
	stretch	0.0.0~git.20120514-1.2	vulnerable
wolfssl (PTS)	bullseye	4.6.0+p1-0+deb11u2	fixed
	bookworm	5.5.4-2+deb12u1	fixed
	sid, trixie	5.7.2-0.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
arora	source	(unstable)	(unfixed)	unimportant
bouncycastle	source	(unstable)	(not affected)
chromium-browser	source	squeeze	(unfixed)	end-of-life
chromium-browser	source	wheezy	(unfixed)	end-of-life
chromium-browser	source	(unstable)	39.0.2171.71-1			765928
conkeror	source	(unstable)	(unfixed)	unimportant
cyassl	source	(unstable)	(unfixed)			769905
dwb	source	(unstable)	(unfixed)	unimportant
epiphany-browser	source	(unstable)	(unfixed)	unimportant
erlang	source	(unstable)	1:17.3-dfsg-3			771359
galeon	source	(unstable)	(unfixed)	unimportant
gnutls26	source	(unstable)	(unfixed)
gnutls28	source	(unstable)	3.3.8-5			769904
haskell-tls	source	(unstable)	1.2.9-2			768164
icedove	source	squeeze	(unfixed)	end-of-life
icedove	source	wheezy	31.3.0-1~deb7u1		DSA-3092-1
icedove	source	(unstable)	31.3.0-1
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	(unstable)	31.2.0esr-2
kazehakase	source	(unstable)	(unfixed)	unimportant
kde-baseapps	source	(unstable)	(unfixed)	unimportant
kdebase	source	(unstable)	(unfixed)	unimportant
lighttpd	source	squeeze	1.4.28-2+squeeze1.7		DLA-282-1
lighttpd	source	wheezy	1.4.31-4+deb7u4		DSA-3489-1
lighttpd	source	(unstable)	1.4.35-4			765702
matrixssl	source	(unstable)	(unfixed)	low
midori	source	(unstable)	(unfixed)	unimportant
netsurf	source	(unstable)	3.6-1	unimportant
nss	source	(unstable)	2:3.17.1-1
openjdk-6	source	squeeze	6b34-1.13.6-1~deb6u1		DLA-157-1
openjdk-6	source	wheezy	6b34-1.13.6-1~deb7u1		DSA-3147-1
openjdk-6	source	(unstable)	6b34-1.13.6-1
openjdk-7	source	wheezy	7u75-2.5.4-1~deb7u1		DSA-3144-1
openjdk-7	source	(unstable)	7u75-2.5.4-1
openjdk-8	source	(unstable)	8u40~b04-1
openssl	source	(unstable)	1.0.1j-1
polarssl	source	(unstable)	1.3.9-2
pound	source	squeeze	2.6-1+deb6u1		DLA-400-1
pound	source	wheezy	2.6-2+deb7u1		DSA-3253-1
pound	source	jessie	2.6-6+deb8u1		DSA-3253-1
pound	source	(unstable)	2.6-6			765539
surf	source	(unstable)	(unfixed)	unimportant
tlslite	source	(unstable)	(unfixed)
uzbl	source	(unstable)	(unfixed)	unimportant
wolfssl	source	(unstable)	3.4.8+dfsg-1

Notes

- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
wolfssl actually fixed with the initial upload to unstable after the rename
[wheezy] - openssl <no-dsa> (Will be addressed through a point update, #774299)
[squeeze] - openssl <no-dsa> (Change considered too risky)
[squeeze] - gnutls26 <no-dsa> (Minor issue)
[wheezy] - gnutls26 <no-dsa> (Minor issue)
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163
[wheezy] - haskell-tls <no-dsa> (Minor issue)
[squeeze] - matrixssl <no-dsa> (Minor issue)
[wheezy] - matrixssl <no-dsa> (Minor issue)
[squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
[squeeze] - polarssl <no-dsa> (Minor issue)
[wheezy] - polarssl <no-dsa> (Minor issue)
[squeeze] - pound <no-dsa> (Minor issue)
[wheezy] - tlslite <no-dsa> (Minor issue)
[squeeze] - erlang <no-dsa> (Minor issue)
[wheezy] - erlang <no-dsa> (Minor issue)
https://www.openssl.org/~bodo/ssl-poodle.pdf
http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
Fix is to disable SSLv3 in library or application configurations
Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support