CVE-2018-0495

Priority
Description
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache
side-channel attack on ECDSA signatures that can be mitigated through the
use of blinding during the signing process in the _gcry_ecc_ecdsa_sign
function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem
or ROHNP. To discover an ECDSA key, the attacker needs access to either the
local machine or a different virtual machine on the same physical host.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.5.0-3ubuntu0.8)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.5.3-2ubuntu4.6)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:released (1.7.10,1.8.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):released (1.6.5-2ubuntu0.5)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.8.1-4ubuntu1.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.8.3-1ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (1.8.3-1ubuntu1)
Patches:
Upstream:https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
Package
Source: nss (LP Ubuntu Debian)
Upstream:released (3.38)
Ubuntu 12.04 ESM (Precise Pangolin):released (2:3.28.4-0ubuntu0.12.04.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:3.28.4-0ubuntu0.14.04.4)
Ubuntu 16.04 LTS (Xenial Xerus):released (2:3.28.4-0ubuntu0.16.04.4)
Ubuntu 18.04 LTS (Bionic Beaver):released (2:3.35-2ubuntu2.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2:3.36.1-1ubuntu1.1)
Ubuntu 19.04 (Disco Dingo):not-affected (2:3.39-1ubuntu1)
Patches:
Upstream:https://hg.mozilla.org/projects/nss/rev/ca18ca4ba00d
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.0.1-4ubuntu5.43)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1f-1ubuntu2.26)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.2g-1ubuntu4.13)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.1.0g-2ubuntu4.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.1.0g-2ubuntu5)
Ubuntu 19.04 (Disco Dingo):released (1.1.0g-2ubuntu5)
Patches:
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=949ff36623eafc3523a9f91784992965018ffb05 (1.0.2)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=0c27d793745c7837b13646302b6890a556b7017a (1.1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.2n-1ubuntu5.1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.0.2n-1ubuntu6)
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2019-03-26 11:25:52 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)