CVE-2018-0732 (retired)

Priority
Description
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack. Fixed in OpenSSL
1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected
1.0.2-1.0.2o).
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (1.0.1-4ubuntu5.43)
Ubuntu 14.04 ESM (Trusty Tahr):released (1.0.1f-1ubuntu2.26)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.2g-1ubuntu4.13)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.1.0g-2ubuntu4.1)
Ubuntu 19.04 (Disco Dingo):released (1.1.0g-2ubuntu5)
Ubuntu 19.10 (Eoan):released (1.1.0g-2ubuntu5)
Patches:
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098 (1.0.2)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4 (1.1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.2n-1ubuntu5.1)
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan):DNE
More Information

Updated: 2019-08-23 09:23:56 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)