UBUNTU-CVE-2018-16868

Source
https://ubuntu.com/security/CVE-2018-16868
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-16868.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-16868
Published
2018-12-03T14:29:00Z
Modified
2018-12-03T14:29:00Z
Severity
  • 5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
  • 5.6 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Summary
[none]
Details

A Bleichenbacher-type, side-channel-based padding oracle attack was found in the way gnutls handles verification of RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to extract plaintext or, in some cases, downgrade any TLS connections to a vulnerable server.

Affected packages

Ubuntu:Pro:14.04:LTS / gnutls26

Package

Name
gnutls26
Purl
pkg:deb/ubuntu/gnutls26?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.12.23-1ubuntu4
2.12.23-1ubuntu5
2.12.23-12ubuntu1
2.12.23-12ubuntu2
2.12.23-12ubuntu2.1
2.12.23-12ubuntu2.2
2.12.23-12ubuntu2.3
2.12.23-12ubuntu2.4
2.12.23-12ubuntu2.5
2.12.23-12ubuntu2.6
2.12.23-12ubuntu2.7
2.12.23-12ubuntu2.8

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / gnutls28

Package

Name
gnutls28
Purl
pkg:deb/ubuntu/gnutls28?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.3.15-5ubuntu2
3.3.18-1ubuntu1
3.3.20-1ubuntu1
3.4.9-2ubuntu1
3.4.10-4ubuntu1
3.4.10-4ubuntu1.1
3.4.10-4ubuntu1.2
3.4.10-4ubuntu1.3
3.4.10-4ubuntu1.4
3.4.10-4ubuntu1.5
3.4.10-4ubuntu1.6
3.4.10-4ubuntu1.7
3.4.10-4ubuntu1.8
3.4.10-4ubuntu1.9
3.4.10-4ubuntu1.9+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / gnutls28

Package

Name
gnutls28
Purl
pkg:deb/ubuntu/gnutls28?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.5.8-6ubuntu3
3.5.17-1ubuntu1
3.5.17-1ubuntu3
3.5.18-1ubuntu1
3.5.18-1ubuntu1.1
3.5.18-1ubuntu1.2
3.5.18-1ubuntu1.3
3.5.18-1ubuntu1.4
3.5.18-1ubuntu1.5
3.5.18-1ubuntu1.6
3.5.18-1ubuntu1.6+esm1

Ecosystem specific

{
    "ubuntu_priority": "low"
}