PublicDateAtUSN: 2016-12-31
Candidate: CVE-2016-7056
PublicDate: 2018-09-10 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056
 https://eprint.iacr.org/2016/1195.pdf
 https://ubuntu.com/security/notices/USN-3181-1
Description:
 A timing attack flaw was found in OpenSSL 1.0.1u and before that could
 allow a malicious user with local access to recover ECDSA P-256 private
 keys.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]

Patches_openssl:
 upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (1.0.2)
upstream_openssl: needs-triage
precise_openssl: released (1.0.1-4ubuntu5.39)
precise/esm_openssl: released (1.0.1-4ubuntu5.39)
trusty_openssl: released (1.0.1f-1ubuntu2.22)
trusty/esm_openssl: released (1.0.1f-1ubuntu2.22)
vivid/ubuntu-core_openssl: released (1.0.1f-1ubuntu11.7)
vivid/stable-phone-overlay_openssl: pending (1.0.1f-1ubuntu11.7)
xenial_openssl: not-affected (1.0.2g-1ubuntu4.5)
esm-infra/xenial_openssl: not-affected (1.0.2g-1ubuntu4.5)
yakkety_openssl: not-affected (1.0.2g-1ubuntu9)
zesty_openssl: not-affected (1.0.2g-1ubuntu10)
artful_openssl: not-affected (1.0.2g-1ubuntu10)
bionic_openssl: not-affected (1.0.2g-1ubuntu10)
cosmic_openssl: not-affected (1.0.2g-1ubuntu10)
disco_openssl: not-affected (1.0.2g-1ubuntu10)
devel_openssl: not-affected (1.0.2g-1ubuntu10)

Patches_openssl098:
upstream_openssl098: needs-triage
precise_openssl098: ignored (reached end-of-life)
precise/esm_openssl098: DNE (precise was needed)
trusty_openssl098: ignored (reached end-of-life)
trusty/esm_openssl098: DNE (trusty was needed)
vivid/ubuntu-core_openssl098: DNE
vivid/stable-phone-overlay_openssl098: DNE
xenial_openssl098: DNE
yakkety_openssl098: DNE
zesty_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
cosmic_openssl098: DNE
disco_openssl098: DNE
devel_openssl098: DNE