Bug 14859 - The POODLE also bites Konqueror
Summary: The POODLE also bites Konqueror
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal minor
Target Milestone: ---
Assignee: KDE maintainers
QA Contact:
URL:
Whiteboard: MGA5TOO, MGA4TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2014-12-20 10:44 CET by Bjarne Thomsen
Modified: 2017-03-17 17:13 CET (History)
1 user (show)

See Also:
Source RPM: kdebase4-4.14.3-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Bjarne Thomsen 2014-12-20 10:44:33 CET 
Description of problem:
https://www.ssllabs.com: Your user agent is vulnerable. You should disable SSL 3.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.


Reproducible: 

Steps to Reproduce:
Comment 1 Bjarne Thomsen 2014-12-20 10:51:57 CET 
The same is true for konqueror in current cauldron.

Source RPM: konqueror-4.12.5-1.1.mga4 => konqueror-4.12.5-1.1.mga4,konqueror-4.14.3-1.mga5

Comment 2 Bjarne Thomsen 2014-12-20 11:35:36 CET 
and chromium-browser-stable-39.0.2171.65-1.mga4 has SSLv3 enabled
Only firefox has disabled SSLv3.
Comment 3 Bjarne Thomsen 2014-12-20 16:58:53 CET 
Not true. epiphany-3.14.2-1.mga5 has also disabled SSLv3.
Comment 4 David Walser 2014-12-22 19:51:20 CET 
Thanks for the report.

This is a very minor issue, so we won't necessarily make an update for it for Mageia 4, but I'd like to get as many of these issues fixed in Mageia 5 prior to the release as possible.  It affects a lot of packages, and a lot more than just web browsers, and fixes for various packages have been trickling out the past couple months, and we've updated all of them in Cauldron that I was aware of.

Do you happen to know how a user can manually disable SSLv3 in Konqueror?  It would be good to have that documented here.

I'll assign/CC the KDE team.  I'm not sure what KDE upstream's plans are for this.

Let's keep this bug about Konqueror.  As for Chromium, upstream plans to disable SSLv3 in version 40, which should be available in the next month if I understand correctly.  Thanks for the feedback about Epiphany, as that allowed me to close a bug about that one that someone else had reported.

Hardware: i586 => All
Version: 4 => Cauldron
Assignee: bugsquad => lmenut
Summary: The poodle also bites konqueror in mga4 => The POODLE also bites Konqueror
Source RPM: konqueror-4.12.5-1.1.mga4,konqueror-4.14.3-1.mga5 => kdebase4-4.14.3-1.mga5.src.rpm
Severity: normal => minor
CC: (none) => mageia

Samuel Verschelde 2015-05-21 11:43:52 CEST

Component: RPM Packages => Security
Whiteboard: (none) => MGA5TOO

David Walser 2015-05-22 18:34:12 CEST

Component: Security => RPM Packages
Whiteboard: MGA5TOO => MGA5TOO, MGA4TOO

Luc Menut 2016-08-25 16:47:38 CEST

Assignee: lmenut => kde

Comment 5 Nicolas Lécureuil 2017-03-17 17:13:32 CET 
just tested on cauldrons's konqueror and www.ssllabs.com told me that the user agent is not vulnerable.

 => closing

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.