CVE-2018-0495

Опубликовано: 13 июн. 2018

Источник: ubuntu

Приоритет: low

CVSS2: 1.9

CVSS3: 4.7

Описание

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	not-affected	1.5.3-2ubuntu4.6
precise/esm	not-affected	1.5.0-3ubuntu0.8
trusty	released	1.5.3-2ubuntu4.6
trusty/esm	not-affected	1.5.3-2ubuntu4.6
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
artful	released	1.7.8-2ubuntu1.1
bionic	released	1.8.1-4ubuntu1.1
cosmic	released	1.8.3-1ubuntu1
devel	released	1.8.3-1ubuntu1
disco	released	1.8.3-1ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
esm-infra/bionic	not-affected	1.8.1-4ubuntu1.1
esm-infra/xenial	not-affected	1.6.5-2ubuntu0.5
precise/esm	DNE
trusty	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	released	2:3.35-2ubuntu2.1
cosmic	released	2:3.36.1-1ubuntu1.1
devel	not-affected	2:3.39-1ubuntu1
disco	not-affected	2:3.39-1ubuntu1
esm-infra-legacy/trusty	not-affected	2:3.28.4-0ubuntu0.14.04.4
esm-infra/bionic	not-affected	2:3.35-2ubuntu2.1
esm-infra/xenial	not-affected	2:3.28.4-0ubuntu0.16.04.4
precise/esm	not-affected	2:3.28.4-0ubuntu0.12.04.2
trusty	released	2:3.28.4-0ubuntu0.14.04.4

Показывать по

Релиз	Статус	Примечание
artful	released	1.0.2g-1ubuntu13.6
bionic	released	1.1.0g-2ubuntu4.1
cosmic	released	1.1.0g-2ubuntu5
devel	released	1.1.0g-2ubuntu5
disco	released	1.1.0g-2ubuntu5
esm-infra-legacy/trusty	not-affected	1.0.1f-1ubuntu2.26
esm-infra/bionic	not-affected	1.1.0g-2ubuntu4.1
esm-infra/xenial	not-affected	1.0.2g-1ubuntu4.13
precise/esm	not-affected	1.0.1-4ubuntu5.43
trusty	released	1.0.1f-1ubuntu2.26

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needs-triage]
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was needs-triage
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	released	1.0.2n-1ubuntu5.1
cosmic	released	1.0.2n-1ubuntu6
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	1.0.2n-1ubuntu5.1
precise/esm	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Ссылки на источники

1.9 Low

CVSS2

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2018-0495

CVSS3: 5.1

redhat

около 7 лет назад

CVE-2018-0495

CVSS3: 4.7

nvd

около 7 лет назад

CVE-2018-0495

CVSS3: 4.7

debian

около 7 лет назад

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s ...

openSUSE-SU-2018:4283-1

suse-cvrf

больше 6 лет назад

Security update for mozilla-nspr and mozilla-nss

openSUSE-SU-2018:2178-1

suse-cvrf

около 7 лет назад

Security update for libgcrypt

1.9 Low

CVSS2

4.7 Medium

CVSS3

CVE-2018-0495

Описание

Пакет libgcrypt11

Пакет libgcrypt20

Пакет nss

Пакет openssl

Пакет openssl098

Пакет openssl1.0

Ссылки на источники

Связанные уязвимости