Bug 908987 (CVE-2014-8730) - VUL-0: CVE-2014-8730: Poodle again: bad padding handling in TLS 1.0/1.1
Status: RESOLVED INVALID
Alias: CVE-2014-8730
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Reported: 2014-12-09 09:12 UTC by Marcus Meissner
Modified: 2014-12-09 14:51 UTC
Description Marcus Meissner 2014-12-09 09:12:10 UTC
CVE-2014-8730

https://www.imperialviolet.org/2014/12/08/poodleagain.html

Basically incorrect padding handling in TLS 1.0 by some SSL/TLS implementations that can have the same effect as POODLE.

So far identified commercial load balancers from F5 and A10, no other libraries.

The article suggests that clients not allow fallback from TLS 1.2 down to older TLS 1.x versions.
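
The padding rule behind the description above, as an added example that is not part of the original bug report: TLS 1.0 and later require every CBC padding byte to equal the padding-length byte (RFC 5246, section 6.2.3.2), while an SSLv3-style check looks only at the final byte. The function names, the 20-byte MAC length and the sample records are constructed assumptions.

```python
# Added example: CBC padding validation on an already-decrypted TLS record.
# Names, MAC_LEN and the sample records are constructed for illustration.

MAC_LEN = 20  # assumption: HMAC-SHA1 tag, used only for the length sanity check


def lax_padding_len(plaintext: bytes, block: int = 16):
    """SSLv3-style check: trusts only the final length byte (the flawed behaviour)."""
    if not plaintext or len(plaintext) % block:
        return None
    pad_len = plaintext[-1]
    # The record must still have room for the MAC after removing the padding.
    if pad_len + 1 + MAC_LEN > len(plaintext):
        return None
    return pad_len


def strict_padding_len(plaintext: bytes, block: int = 16):
    """TLS check: every padding byte must equal the padding-length byte."""
    pad_len = lax_padding_len(plaintext, block)
    if pad_len is None:
        return None
    # The last pad_len + 1 bytes are the padding plus the length byte itself.
    if all(b == pad_len for b in plaintext[-(pad_len + 1):]):
        return pad_len
    return None


def build_record(data: bytes, mac: bytes, pad_len: int, filler=None) -> bytes:
    """Constructed plaintext layout: data || MAC || padding || length byte."""
    fill = pad_len if filler is None else filler
    return data + mac + bytes([fill]) * pad_len + bytes([pad_len])


if __name__ == "__main__":
    mac = b"\x00" * MAC_LEN  # placeholder MAC, not a real tag
    samples = {
        "well-formed": build_record(b"hello world", mac, 16),
        "arbitrary padding bytes": build_record(b"hello world", mac, 16, filler=0xAA),
    }
    for label, record in samples.items():
        print(f"{label:24} lax={lax_padding_len(record)} "
              f"strict={strict_padding_len(record)}")
```

A record that the lax function accepts and the strict one rejects is exactly the case a conforming TLS 1.x implementation must answer with a `bad_record_mac` alert.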
Comment 1 Marcus Meissner 2014-12-09 14:51:33 UTC
Determined as not valid for us.