CVE 2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Related bugs and status
CVE-2015-4000 (Candidate) is related to these bugs:
Bug #1462856: Newest RHEL/CentOS openssl update breaks mysql DHE
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1462856 | Newest RHEL/CentOS openssl update breaks mysql DHE | Percona Server moved to https://jira.percona.com/projects/PS | High | Fix Released | ||
| 1462856 | Newest RHEL/CentOS openssl update breaks mysql DHE | Percona Server moved to https://jira.percona.com/projects/PS 5.5 | High | Fix Released | ||
| 1462856 | Newest RHEL/CentOS openssl update breaks mysql DHE | Percona Server moved to https://jira.percona.com/projects/PS 5.6 | High | Fix Released | ||
| 1462856 | Newest RHEL/CentOS openssl update breaks mysql DHE | MySQL Server | Unknown | Unknown | ||
Bug #1465014: Firefox and Chromium still vulnerable against LOGJAM
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1465014 | Firefox and Chromium still vulnerable against LOGJAM | nss (Ubuntu) | Critical | Fix Released | ||
| 1465014 | Firefox and Chromium still vulnerable against LOGJAM | firefox (Ubuntu) | Critical | Fix Released | ||
| 1465014 | Firefox and Chromium still vulnerable against LOGJAM | NSS | Medium | Fix Released | ||
Bug #1811531: remote execution vulnerability
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released | ||
| 1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released | ||
| 1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released | ||
Bug #1841936: Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1841936 | Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size) | haproxy (Ubuntu) | Medium | Fix Released | ||
| 1841936 | Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size) | haproxy (Ubuntu Bionic) | Medium | Fix Released | ||
| 1841936 | Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size) | HAProxy | Unknown | Fix Released | ||
| 1841936 | Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size) | haproxy (Ubuntu Eoan) | Undecided | Fix Released | ||
| 1841936 | Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size) | haproxy (Ubuntu Focal) | Medium | Fix Released | ||
| 1841936 | Rebuild openssl 1.1.1 to pickup TLSv1.3 (bionic) and unbreak existing builds against 1.1.1 (dh key size) | haproxy (Ubuntu Disco) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
