UBUNTU-CVE-2015-7575
- Source
- https://ubuntu.com/security/CVE-2015-7575
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-7575.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2015-7575
- Upstream
- Downstream
- Related
- Published
- 2015-12-31T00:00:00Z
- Modified
- 2025-09-08T16:43:28Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
- References
-
- https://ubuntu.com/security/CVE-2015-7575
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
- http://www.mitls.org/pages/attacks/SLOTH
- http://www.gnutls.org/security.html#GNUTLS-SA-2015-2
- http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
- https://ubuntu.com/security/notices/USN-2863-1
- https://ubuntu.com/security/notices/USN-2864-1
- https://ubuntu.com/security/notices/USN-2865-1
- https://ubuntu.com/security/notices/USN-2866-1
- https://ubuntu.com/security/notices/USN-2884-1
- http://blog.fuseyism.com/index.php/2016/01/25/security-icedtea-1-13-10-for-openjdk-6-released/
- https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released
- https://ubuntu.com/security/notices/USN-2904-1
- https://www.cve.org/CVERecord?id=CVE-2015-7575
Affected packages
Ubuntu:14.04:LTS / firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@43.0.4+build3-0ubuntu0.14.04.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed43.0.4+build3-0ubuntu0.14.04.1
Affected versions
24.*
24.0+build1-0ubuntu1
25.*
25.0+build3-0ubuntu0.13.10.1
28.*
28.0~b2+build1-0ubuntu2
28.0+build1-0ubuntu1
28.0+build2-0ubuntu1
28.0+build2-0ubuntu2
29.*
29.0+build1-0ubuntu0.14.04.2
30.*
30.0+build1-0ubuntu0.14.04.3
31.*
31.0+build1-0ubuntu0.14.04.1
32.*
32.0+build1-0ubuntu0.14.04.1
32.0.3+build1-0ubuntu0.14.04.1
33.*
33.0+build2-0ubuntu0.14.04.1
34.*
34.0+build2-0ubuntu0.14.04.1
35.*
35.0+build3-0ubuntu0.14.04.2
35.0.1+build1-0ubuntu0.14.04.1
36.*
36.0+build2-0ubuntu0.14.04.4
36.0.1+build2-0ubuntu0.14.04.1
36.0.4+build1-0ubuntu0.14.04.1
37.*
37.0+build2-0ubuntu0.14.04.1
37.0.1+build1-0ubuntu0.14.04.1
37.0.2+build1-0ubuntu0.14.04.1
38.*
38.0+build3-0ubuntu0.14.04.1
39.*
39.0+build5-0ubuntu0.14.04.1
39.0.3+build2-0ubuntu0.14.04.1
40.*
40.0+build4-0ubuntu0.14.04.1
40.0+build4-0ubuntu0.14.04.4
40.0.3+build1-0ubuntu0.14.04.1
41.*
41.0+build3-0ubuntu0.14.04.1
41.0.1+build2-0ubuntu0.14.04.1
41.0.2+build2-0ubuntu0.14.04.1
42.*
42.0+build2-0ubuntu0.14.04.1
43.*
43.0+build1-0ubuntu0.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "43.0.4+build3-0ubuntu0.14.04.1",
"binary_name": "firefox"
},
{
"binary_version": "43.0.4+build3-0ubuntu0.14.04.1",
"binary_name": "firefox-dev"
},
{
"binary_version": "43.0.4+build3-0ubuntu0.14.04.1",
"binary_name": "firefox-globalmenu"
},
{
"binary_version": "43.0.4+build3-0ubuntu0.14.04.1",
"binary_name": "firefox-mozsymbols"
},
{
"binary_version": "43.0.4+build3-0ubuntu0.14.04.1",
"binary_name": "firefox-testsuite"
}
]
}
Ubuntu:14.04:LTS / gnutls26
Package
- Name
- gnutls26
- Purl
- pkg:deb/ubuntu/gnutls26@2.12.23-12ubuntu2.4?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.12.23-12ubuntu2.4
Affected versions
2.*
2.12.23-1ubuntu4
2.12.23-1ubuntu5
2.12.23-12ubuntu1
2.12.23-12ubuntu2
2.12.23-12ubuntu2.1
2.12.23-12ubuntu2.2
2.12.23-12ubuntu2.3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "3.0.11+really2.12.23-12ubuntu2.4",
"binary_name": "gnutls-bin"
},
{
"binary_version": "2.12.23-12ubuntu2.4",
"binary_name": "libgnutls-dev"
},
{
"binary_version": "2.12.23-12ubuntu2.4",
"binary_name": "libgnutls-openssl27"
},
{
"binary_version": "2.12.23-12ubuntu2.4",
"binary_name": "libgnutls26"
},
{
"binary_version": "2.12.23-12ubuntu2.4",
"binary_name": "libgnutlsxx27"
}
]
}
Ubuntu:14.04:LTS / nss
Package
- Name
- nss
- Purl
- pkg:deb/ubuntu/nss@2:3.19.2.1-0ubuntu0.14.04.2?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:3.19.2.1-0ubuntu0.14.04.2
Affected versions
2:3.*
2:3.15.1-1ubuntu1
2:3.15.2-1
2:3.15.3-1
2:3.15.3.1-1
2:3.15.3.1-1.1
2:3.15.3.1-1.1ubuntu1
2:3.15.4-1ubuntu3
2:3.15.4-1ubuntu4
2:3.15.4-1ubuntu5
2:3.15.4-1ubuntu6
2:3.15.4-1ubuntu7
2:3.15.4-1ubuntu7.1
2:3.17-0ubuntu0.14.04.1
2:3.17.1-0ubuntu0.14.04.1
2:3.17.1-0ubuntu0.14.04.2
2:3.17.4-0ubuntu0.14.04.1
2:3.19.2-0ubuntu0.14.04.1
2:3.19.2.1-0ubuntu0.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:3.19.2.1-0ubuntu0.14.04.2",
"binary_name": "libnss3"
},
{
"binary_version": "2:3.19.2.1-0ubuntu0.14.04.2",
"binary_name": "libnss3-1d"
},
{
"binary_version": "2:3.19.2.1-0ubuntu0.14.04.2",
"binary_name": "libnss3-dev"
},
{
"binary_version": "2:3.19.2.1-0ubuntu0.14.04.2",
"binary_name": "libnss3-nssdb"
},
{
"binary_version": "2:3.19.2.1-0ubuntu0.14.04.2",
"binary_name": "libnss3-tools"
}
]
}
Ubuntu:14.04:LTS / openjdk-6
Package
- Name
- openjdk-6
- Purl
- pkg:deb/ubuntu/openjdk-6@6b38-1.13.10-0ubuntu0.14.04.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6b38-1.13.10-0ubuntu0.14.04.1
Affected versions
6b27-1.*
6b27-1.12.6-1ubuntu2
6b27-1.12.7-2ubuntu1
6b29-1.*
6b29-1.13.0-1ubuntu2
6b30-1.*
6b30-1.13.1-1ubuntu1
6b30-1.13.1-1ubuntu2
6b30-1.13.2-1ubuntu1
6b31-1.*
6b31-1.13.3-1ubuntu1
6b32-1.*
6b32-1.13.4-4ubuntu0.14.04.1
6b33-1.*
6b33-1.13.5-1ubuntu0.14.04
6b34-1.*
6b34-1.13.6-1ubuntu0.14.04.1
6b35-1.*
6b35-1.13.7-1ubuntu0.14.04.1
6b36-1.*
6b36-1.13.8-0ubuntu1~14.04
6b37-1.*
6b37-1.13.9-1ubuntu0.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "icedtea-6-jre-cacao"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "icedtea-6-jre-jamvm"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-demo"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-jdk"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-jre"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-jre-headless"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-jre-lib"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-jre-zero"
},
{
"binary_version": "6b38-1.13.10-0ubuntu0.14.04.1",
"binary_name": "openjdk-6-source"
}
]
}
Ubuntu:14.04:LTS / openjdk-7
Package
- Name
- openjdk-7
- Purl
- pkg:deb/ubuntu/openjdk-7@7u95-2.6.4-0ubuntu0.14.04.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7u95-2.6.4-0ubuntu0.14.04.1
Affected versions
7u25-2.*
7u25-2.3.12-4ubuntu3
7u25-2.3.12-4ubuntu5
7u45-2.*
7u45-2.4.3-3ubuntu1
7u45-2.4.3-3ubuntu2
7u45-2.4.3-4ubuntu1
7u45-2.4.3-4ubuntu2
7u51-2.*
7u51-2.4.4-1ubuntu1
7u51-2.4.5-1ubuntu1
7u51-2.4.6~pre1-1ubuntu2
7u51-2.4.6-1ubuntu3
7u51-2.4.6-1ubuntu4
7u55-2.*
7u55-2.4.7-1ubuntu1
7u65-2.*
7u65-2.5.1-4ubuntu1~0.14.04.1
7u65-2.5.1-4ubuntu1~0.14.04.2
7u65-2.5.2-3~14.04
7u71-2.*
7u71-2.5.3-0ubuntu0.14.04.1
7u75-2.*
7u75-2.5.4-1~trusty1
7u79-2.*
7u79-2.5.5-0ubuntu0.14.04.2
7u79-2.5.6-0ubuntu1.14.04.1
7u85-2.*
7u85-2.6.1-5ubuntu0.14.04.1
7u91-2.*
7u91-2.6.3-0ubuntu0.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "icedtea-7-jre-jamvm"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-demo"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-jdk"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-jre"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-jre-headless"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-jre-lib"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-jre-zero"
},
{
"binary_version": "7u95-2.6.4-0ubuntu0.14.04.1",
"binary_name": "openjdk-7-source"
}
]
}
Ubuntu:14.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:38.6.0+build1-0ubuntu0.14.04.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:38.6.0+build1-0ubuntu0.14.04.1
Affected versions
1:24.*
1:24.0+build1-0ubuntu1
1:24.0+build1-0ubuntu2
1:24.1.1+build1-0ubuntu0.13.10.1
1:24.1.1+build1-0ubuntu1
1:24.2.0+build1-0ubuntu1
1:24.4.0+build1-0ubuntu1
1:24.5.0+build1-0ubuntu0.14.04.1
1:24.6.0+build1-0ubuntu0.14.04.1
1:31.*
1:31.0+build1-0ubuntu0.14.04.1
1:31.1.1+build1-0ubuntu0.14.04.1
1:31.1.2+build1-0ubuntu0.14.04.1
1:31.2.0+build2-0ubuntu0.14.04.1
1:31.3.0+build1-0ubuntu0.14.04.1
1:31.4.0+build1-0ubuntu0.14.04.1
1:31.5.0+build1-0ubuntu0.14.04.1
1:31.6.0+build1-0ubuntu0.14.04.1
1:31.7.0+build1-0ubuntu0.14.04.1
1:31.8.0+build1-0ubuntu0.14.04.1
1:38.*
1:38.2.0+build1-0ubuntu0.14.04.1
1:38.3.0+build1-0ubuntu0.14.04.1
1:38.4.0+build3-0ubuntu0.14.04.1
1:38.5.1+build2-0ubuntu0.14.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "thunderbird"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "thunderbird-dev"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "thunderbird-globalmenu"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "thunderbird-gnome-support"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "thunderbird-mozsymbols"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "thunderbird-testsuite"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "xul-ext-calendar-timezones"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "xul-ext-gdata-provider"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu0.14.04.1",
"binary_name": "xul-ext-lightning"
}
]
}
Ubuntu:16.04:LTS / thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:38.6.0+build1-0ubuntu1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:38.6.0+build1-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "thunderbird"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "thunderbird-dev"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "thunderbird-globalmenu"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "thunderbird-gnome-support"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "thunderbird-mozsymbols"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "thunderbird-testsuite"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "xul-ext-calendar-timezones"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "xul-ext-gdata-provider"
},
{
"binary_version": "1:38.6.0+build1-0ubuntu1",
"binary_name": "xul-ext-lightning"
}
]
}