[ubuntu/bionic-security] openssl 1.1.0g-2ubuntu4.1 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jun 26 11:33:38 UTC 2018


openssl (1.1.0g-2ubuntu4.1) bionic-security; urgency=medium

  * SECURITY UPDATE: ECDSA key extraction side channel
    - debian/patches/CVE-2018-0495.patch: add blinding to an ECDSA
      signature in crypto/ec/ecdsa_ossl.c.
    - CVE-2018-0495
  * SECURITY UPDATE: denial of service via long prime values
    - debian/patches/CVE-2018-0732.patch: reject excessively large primes
      in DH key generation in crypto/dh/dh_key.c.
    - CVE-2018-0732
  * SECURITY UPDATE: RSA cache timing side channel attack
    - debian/patches/CVE-2018-0737-1.patch: replaced variable-time GCD in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-2.patch: used ERR set/pop mark in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-3.patch: consttime flag changed in
      crypto/rsa/rsa_gen.c.
    - debian/patches/CVE-2018-0737-4.patch: ensure BN_mod_inverse and
      BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set in
      crypto/rsa/rsa_gen.c.
    - CVE-2018-0737

Date: 2018-06-20 12:21:15.904174+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.1