Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

61 – 70 of 74 results


CVE-2019-1559

Medium priority
Fixed

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is...

4 affected packages

nodejs, openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Fixed
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-5407

Low priority
Fixed

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected Fixed Fixed
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-0734

Low priority
Fixed

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1)....

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed Fixed
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2018-0735

Low priority
Fixed

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed Not affected
openssl098 Not in release Not in release Not in release
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2018-0495

Low priority

Some fixes available 18 of 19

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in...

6 affected packages

libgcrypt11, libgcrypt20, nss, openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libgcrypt11 Not in release Not in release
libgcrypt20 Fixed Fixed
nss Fixed Fixed
openssl Fixed Fixed
openssl098 Not in release Not in release
openssl1.0 Fixed Not in release
Show less packages

CVE-2018-0732

Low priority
Fixed

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
openssl1.0 Fixed Not in release
Show less packages

CVE-2018-0737

Low priority
Fixed

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
openssl1.0 Fixed Not in release
Show less packages

CVE-2018-0733

Medium priority
Not affected

Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Not affected
openssl098 Not in release
openssl1.0 Not in release
Show less packages

CVE-2018-0739

Medium priority
Fixed

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
openssl1.0 Fixed Not in release
Show less packages

CVE-2017-3738

Low priority
Fixed

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect...

3 affected packages

openssl, openssl098, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
openssl Fixed Fixed
openssl098 Not in release Not in release
openssl1.0 Not affected Not in release
Show less packages