CVE-2018-0739

Priority
Description
Constructed ASN.1 types with a recursive definition (such as can be found
in PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There
are no such structures used within SSL/TLS that come from untrusted sources
so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected
1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Assigned-to
mdeslaur
Package
Upstream:released (1.0.2o,1.1.0h)
Ubuntu 12.04 ESM (Precise Pangolin):released (1.0.1-4ubuntu5.40)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1f-1ubuntu2.24)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.2g-1ubuntu4.11)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.1.0g-2ubuntu3)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.1.0g-2ubuntu3)
Ubuntu 19.04 (Disco Dingo):released (1.1.0g-2ubuntu3)
Patches:
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d (1.0.2)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33 (1.1.0)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.2n-1ubuntu5)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.0.2n-1ubuntu5)
Ubuntu 19.04 (Disco Dingo):released (1.0.2n-1ubuntu5)
More Information

Updated: 2018-10-31 20:30:57 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)