CVE-2018-0732

Priority
Description
During key agreement in a TLS handshake using a DH(E)-based ciphersuite, a
malicious server can send a very large prime value to the client. This
causes the client to spend an unreasonably long period of time generating a
key for this prime, resulting in a hang until the client has finished. This
could be exploited in a denial-of-service attack. Fixed in OpenSSL
1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected
1.0.2-1.0.2o).
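
A client-side guard against the condition described above, as an added example (not OpenSSL's or Ubuntu's code): it parses the TLS ServerDHParams structure (dh_p, dh_g, dh_Ys, each with a 2-byte length prefix) and refuses an oversized dh_p before any key generation is attempted. The 8192-bit cap, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_DH_PRIME_BITS 8192  /* assumed client policy cap, not a value from the advisory */
enum { DH_OK = 0, DH_TRUNCATED = -1, DH_EMPTY_FIELD = -2, DH_PRIME_TOO_LARGE = -3 };

/* Bit length of a big-endian unsigned integer, ignoring leading zero bytes. */
static size_t be_bit_length(const uint8_t *b, size_t n) {
    while (n > 0 && *b == 0) { b++; n--; }
    size_t bits = n * 8;
    for (uint8_t top = n ? *b : 0x80; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* Read one opaque<1..2^16-1> field: 2-byte big-endian length, then the bytes. */
static int read_field(const uint8_t **p, size_t *left, const uint8_t **out, size_t *len) {
    if (*left < 2) return DH_TRUNCATED;
    *len = ((size_t)(*p)[0] << 8) | (*p)[1];
    if (*len == 0) return DH_EMPTY_FIELD;
    if (*left - 2 < *len) return DH_TRUNCATED;   /* length prefix claims more than we have */
    *out = *p + 2;
    *p += 2 + *len; *left -= 2 + *len;
    return DH_OK;
}

/* Validate ServerDHParams (dh_p, dh_g, dh_Ys) before any key generation is attempted. */
int check_server_dh_params(const uint8_t *msg, size_t n, size_t *prime_bits) {
    const uint8_t *f; size_t flen; int rc;
    *prime_bits = 0;
    if ((rc = read_field(&msg, &n, &f, &flen)) != DH_OK) return rc;   /* dh_p */
    *prime_bits = be_bit_length(f, flen);
    if (*prime_bits > MAX_DH_PRIME_BITS) return DH_PRIME_TOO_LARGE;   /* reject early */
    if ((rc = read_field(&msg, &n, &f, &flen)) != DH_OK) return rc;   /* dh_g */
    return read_field(&msg, &n, &f, &flen);                           /* dh_Ys */
}

/* Constructed sample: dh_p of p_len 0xFF filler bytes (not a real prime), dh_g = 2, dh_Ys = 5. */
size_t build_sample(uint8_t *buf, size_t p_len) {
    static const uint8_t tail[] = {0x00, 0x01, 0x02, 0x00, 0x01, 0x05};
    buf[0] = (uint8_t)(p_len >> 8); buf[1] = (uint8_t)p_len;
    memset(buf + 2, 0xFF, p_len);
    memcpy(buf + 2 + p_len, tail, sizeof tail);
    return 2 + p_len + sizeof tail;
}

int main(void) {  /* a 16384-bit dh_p must be rejected before key generation */
    static uint8_t buf[4096]; size_t bits;
    return check_server_dh_params(buf, build_sample(buf, 2048), &bits) == DH_PRIME_TOO_LARGE ? 0 : 1;
}
```

The bit length is computed from the most significant non-zero byte, so zero-padding the field does not change the result.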
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (1.0.1-4ubuntu5.43)
Ubuntu 14.04 ESM (Trusty Tahr): released (1.0.1f-1ubuntu2.26)
Ubuntu 16.04 LTS (Xenial Xerus): released (1.0.2g-1ubuntu4.13)
Ubuntu 18.04 LTS (Bionic Beaver): released (1.1.0g-2ubuntu4.1)
Ubuntu 19.10 (Eoan Ermine): released (1.1.0g-2ubuntu5)
Patches:
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098 (1.0.2)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4 (1.1)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (1.0.2n-1ubuntu5.1)
Ubuntu 19.10 (Eoan Ermine): DNE
More Information

Updated: 2020-01-29 20:01:02 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)