CVE-2016-7056 in Ubuntu

CVE-2016-7056

Priority

Medium

Description

ECDSA P-256 timing attack key recovery

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7056
https://eprint.iacr.org/2016/1195.pdf
https://usn.ubuntu.com/usn/usn-3181-1

Package

Source: openssl098 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):	needed
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 17.04 (Zesty Zapus):	DNE
Ubuntu 17.10 (Artful Aardvark):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	DNE

Package

Source: openssl (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	released (1.0.1-4ubuntu5.39)
Ubuntu 14.04 LTS (Trusty Tahr):	released (1.0.1f-1ubuntu2.22)
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (1.0.2g-1ubuntu4.5)
Ubuntu 17.04 (Zesty Zapus):	not-affected (1.0.2g-1ubuntu10)
Ubuntu 17.10 (Artful Aardvark):	not-affected (1.0.2g-1ubuntu10)
Ubuntu 18.04 LTS (Bionic Beaver):	not-affected (1.0.2g-1ubuntu10)

Patches:

Upstream:

https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (1.0.2)

More Information

Updated: 2017-12-15 20:17:40 UTC (commit 13913)