CVE-2018-5407

Priority
Description
Simultaneous Multi-threading (SMT) in processors can enable local users to
exploit software vulnerable to timing attacks via a side-channel timing
attack on 'port contention'.
Notes
 mdeslaur> this is a hardware issue, but openssl did commit a workaround
 mdeslaur> in 1.1.1, 1.1.0i
Assigned-to
mdeslaur
Package
Upstream:released (1.1.0i,1.1.1)
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.1f-1ubuntu2.27)
Ubuntu 16.04 LTS (Xenial Xerus):released (1.0.2g-1ubuntu4.14)
Ubuntu 18.04 LTS (Bionic Beaver):released (1.1.0g-2ubuntu4.3)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (1.1.1-1ubuntu2)
Ubuntu 19.04 (Disco Dingo):not-affected (1.1.1-1ubuntu2)
Patches:
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=aab7c770353b1dc4ba045938c8fb446dd1c4531e (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=f06437c751d6f6ec7f4176518e2897f44dd58eb0 (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=33588c930d39d67d1128794dc7c85bae71af24ad (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=f916a735bcdce496cebc7653a8ad2e72b333405a (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=b43ad53119c0ac2ecfa6e4356210ccda57e0d16b (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=2172133d0dc58256bf776da074c0d1944fef15cb (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=cc39f9250957dfe6e9f1b62a4eca1863e8451483 (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=7b3e775a6a78650bbd3e8e19a5aa12981880402b (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=5eee95a54de6854e60886c8e662a902184b12d04 (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=875ba8b21ecc65ad9a6bdc66971e50461660fcbb (1.1.0)
Upstream:https://git.openssl.org/?p=openssl.git;a=commit;h=b18162a7c9bbfb57112459a4d6631fa258fd8c0c (1.0.2)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (1.0.2n-1ubuntu5.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (1.0.2n-1ubuntu6.1)
Ubuntu 19.04 (Disco Dingo):released (1.0.2n-1ubuntu7)
More Information

Updated: 2018-12-06 21:14:39 UTC (commit 80deee608f392cdafa5006448a72c8f6b26c8406)