Ubuntu Update For Serf USN-2315-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Ben Reser discovered that serf did not correctly handle SSL certificates with NUL bytes in the CommonName or SubjectAltNames fields. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

Affected

serf on Ubuntu 14.04 LTS , Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2014-3504
CVSS Base Score: 4.0
AV:N/AC:H/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Ubuntu Update for cups, cupsys vulnerabilities USN-952-1
Ubuntu Update for curl USN-1894-1
Ubuntu Update for apt USN-1385-1
Ubuntu Update for apache2 USN-1765-1
Ubuntu Update for dnsmasq vulnerability USN-627-1

Ubuntu Update for serf USN-2315-1

Take action and discover your vulnerabilities