CVE-2020-1968

Priority
Description
The Raccoon attack exploits a flaw in the TLS specification which can lead
to an attacker being able to compute the pre-master secret in connections
which have used a Diffie-Hellman (DH) based ciphersuite. In such a case
this would result in the attacker being able to eavesdrop on all encrypted
communications sent over that TLS connection. The attack can only be
exploited if an implementation re-uses a DH secret across multiple TLS
connections. Note that this issue only impacts DH ciphersuites and not ECDH
ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and
no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this
issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).
Notes
Package
Source: edk2
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Ubuntu 20.04 LTS (Focal Fossa): needs-triage
Ubuntu 20.10 (Groovy Gorilla): needs-triage
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (uses system openssl)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (uses system openssl)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (uses system openssl1.0)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (uses system openssl1.1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (uses system openssl1.1)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): released (1.0.2g-1ubuntu4.17)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (1.1.1-1ubuntu2.1~18.04.6)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (1.1.1f-1ubuntu2)
Ubuntu 20.10 (Groovy Gorilla): not-affected (1.1.1f-1ubuntu3)
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (1.0.2n-1ubuntu5.4)
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
More Information

Updated: 2020-09-18 04:43:01 UTC (commit 138a3b00836060d8cce6678d1a23781391e3219f)