Ubuntu Update For Serf USN-2315-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

Affected

serf on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2014-3504

CVSS	Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for curl USN-2346-1
Ubuntu Update for boost vulnerabilities USN-570-1
Ubuntu Update for cups USN-2144-1
Ubuntu Update for cinder USN-2248-1
Ubuntu Update for curl USN-2097-1

Ubuntu Update for serf USN-2315-1

Take action and discover your vulnerabilities