Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-0735 (GCVE-0-2018-0735)
Vulnerability from cvelistv5 – Published: 2018-10-29 13:00 – Updated: 2024-09-16 19:10- Constant time issue
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:49.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "105750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105750"
},
{
"name": "USN-3840-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "1041986",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041986"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name": "DSA-4348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:3700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
},
{
"status": "affected",
"version": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Samuel Weiser"
}
],
"datePublic": "2018-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
}
],
"metrics": [
{
"other": {
"content": {
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Constant time issue",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-15T19:15:21.000Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "105750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105750"
},
{
"name": "USN-3840-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "1041986",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041986"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name": "DSA-4348",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:3700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
],
"title": "Timing attack against ECDSA signature generation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "openssl-security@openssl.org",
"DATE_PUBLIC": "2018-10-29",
"ID": "CVE-2018-0735",
"STATE": "PUBLIC",
"TITLE": "Timing attack against ECDSA signature generation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenSSL",
"version": {
"version_data": [
{
"version_value": "Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i)"
},
{
"version_value": "Fixed in OpenSSL 1.1.1a (Affected 1.1.1)"
}
]
}
}
]
},
"vendor_name": "OpenSSL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Samuel Weiser"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://www.openssl.org/policies/secpolicy.html#Low",
"value": "Low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Constant time issue"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "105750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105750"
},
{
"name": "USN-3840-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181105-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"name": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"name": "1041986",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041986"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"name": "DSA-4348",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"name": "https://www.openssl.org/news/secadv/20181029.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "RHSA-2019:3700",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2018-0735",
"datePublished": "2018-10-29T13:00:00.000Z",
"dateReserved": "2017-11-30T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:10:32.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-0735",
"date": "2026-07-19",
"epss": "0.04763",
"percentile": "0.90902"
},
"microsoft_vex": {
"current_release_date": "2026-04-30T01:52:26.000Z",
"cve": "CVE-2018-0735",
"id": "msrc_CVE-2018-0735",
"initial_release_date": "2018-10-02T00:00:00.000Z",
"product_status:known_affected": "5",
"product_status:known_not_affected": "5",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Timing attack against ECDSA signature generation",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-0735.json",
"version": "5"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-0735\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2018-10-29T13:29:00.263\",\"lastModified\":\"2024-11-21T03:38:50.413\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).\"},{\"lang\":\"es\",\"value\":\"Se ha demostrado que el algoritmo de firmas ECDSA en OpenSSL es vulnerable a un ataque de sincronizaci\u00f3n de canal lateral. Un atacante podr\u00eda emplear variaciones en el algoritmo de firma para recuperar la clave privada. Se ha solucionado en OpenSSL 1.1.0j (afecta a 1.1.0-1.1.0i). Se ha solucionado en OpenSSL 1.1.1a (afecta a 1.1.1).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-327\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndIncluding\":\"1.1.0i\",\"matchCriteriaId\":\"5953EAB1-D0E8-48EA-B07D-3B828E6BB326\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F69F3542-173D-4E0D-99BB-42FDD206D996\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.12.0\",\"matchCriteriaId\":\"5725F854-27B7-4BC1-8DCA-FAC0B4E41139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndExcluding\":\"11.3.0\",\"matchCriteriaId\":\"4E62EA78-C705-4AC9-9C0B-3C9114087C37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:10.13.0:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"541EAE2B-5446-46CE-BC91-13188EAD6092\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB30733E-68FC-49C4-86C0-7FEE75C366BF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6361DAC6-600F-4B15-8797-D67F298F46FB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C2089EE-5D7F-47EC-8EA5-0F69790564C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBF1DFDA-FB66-4CEA-A658-B167326D1D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*\",\"versionStartIncluding\":\"9.4\",\"matchCriteriaId\":\"7E49ACFC-FD48-4ED7-86E8-68B5B753852C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"361B791A-D336-4431-8F68-8135BEFFAEA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*\",\"matchCriteriaId\":\"61D7EF01-F618-497F-9375-8003CEA3D380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DF5449D-22D2-48B4-8F50-57B43DCB15B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:0.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD941CDF-8486-43F7-9D98-2B8785B1B139\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDE18990-1FC9-4624-971B-2E87BF0871AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C29F2D-CBE6-4E22-98AE-787E939ED161\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.6.42\",\"matchCriteriaId\":\"65B4E766-8D75-48A9-8267-6EE1407B949D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7.0\",\"versionEndIncluding\":\"5.7.24\",\"matchCriteriaId\":\"F17AD8D0-6D79-4E7D-9CD6-9B130A529C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.13\",\"matchCriteriaId\":\"C743C44C-2E97-4E5E-8C76-FC0E666BA115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.7\",\"versionEndIncluding\":\"17.12\",\"matchCriteriaId\":\"7A1E1023-2EB9-4334-9B74-CA71480F71C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84BF6794-2CE6-407F-B8E0-81871AB7B40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F021C23-AB9B-4877-833F-D01359A98762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F8ED016-32A1-42EE-844E-3E6B2C116B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A046CC2C-445F-4336-8810-930570B4FEC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tuxedo:12.1.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92A6A7BA-CCE6-426F-8434-7A578A245180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.0.0\",\"matchCriteriaId\":\"B52550D1-38F6-4AAC-BE68-487F7D6DB2D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.2.24\",\"matchCriteriaId\":\"F3F69D90-6F4D-4D09-8F60-E36072303E32\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105750\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041986\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3700\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181105-0002/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20181029.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105750\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041986\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3700\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20181105-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3840-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20181029.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Low",
"current_release_date": "2026-06-28T07:18:37+00:00",
"cve": "CVE-2018-0735",
"id": "CVE-2018-0735",
"initial_release_date": "2018-10-25T00:00:00+00:00",
"product_status:fixed": "144",
"product_status:known_affected": "6",
"product_status:known_not_affected": "15",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "openssl: timing side channel attack in the ECDSA signature generation",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-0735.json",
"version": "3"
}
}
}
SUSE-SU-2018:3863-1
Vulnerability from csaf_suse - Published: 2018-11-22 15:24 - Updated: 2018-11-22 15:24| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Basesystem-15-2018-2758,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2758",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3863-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3863-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183863-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3863-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004872.html"
},
{
"category": "self",
"summary": "SUSE Bug 1113651",
"url": "https://bugzilla.suse.com/1113651"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0735 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0735/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2018-11-22T15:24:02Z",
"generator": {
"date": "2018-11-22T15:24:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3863-1",
"initial_release_date": "2018-11-22T15:24:02Z",
"revision_history": [
{
"date": "2018-11-22T15:24:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.0i-4.15.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.0i-4.15.1.aarch64",
"product_id": "libopenssl1_1-1.1.0i-4.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"product": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"product_id": "libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.0i-4.15.1.aarch64",
"product": {
"name": "openssl-1_1-1.1.0i-4.15.1.aarch64",
"product_id": "openssl-1_1-1.1.0i-4.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"product_id": "libopenssl1_1-1.1.0i-4.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"product": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"product_id": "libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.0i-4.15.1.ppc64le",
"product": {
"name": "openssl-1_1-1.1.0i-4.15.1.ppc64le",
"product_id": "openssl-1_1-1.1.0i-4.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.0i-4.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.0i-4.15.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.0i-4.15.1.s390x",
"product_id": "libopenssl1_1-1.1.0i-4.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"product": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"product_id": "libopenssl1_1-hmac-1.1.0i-4.15.1.s390x"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.0i-4.15.1.s390x",
"product": {
"name": "openssl-1_1-1.1.0i-4.15.1.s390x",
"product_id": "openssl-1_1-1.1.0i-4.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.0i-4.15.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.0i-4.15.1.x86_64",
"product_id": "libopenssl1_1-1.1.0i-4.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"product_id": "libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"product": {
"name": "libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"product_id": "libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "openssl-1_1-1.1.0i-4.15.1.x86_64",
"product": {
"name": "openssl-1_1-1.1.0i-4.15.1.x86_64",
"product_id": "openssl-1_1-1.1.0i-4.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.0i-4.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.0i-4.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.0i-4.15.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.0i-4.15.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.0i-4.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.0i-4.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.0i-4.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64"
},
"product_reference": "libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le"
},
"product_reference": "libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x"
},
"product_reference": "libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64"
},
"product_reference": "libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.0i-4.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64"
},
"product_reference": "openssl-1_1-1.1.0i-4.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.0i-4.15.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le"
},
"product_reference": "openssl-1_1-1.1.0i-4.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.0i-4.15.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x"
},
"product_reference": "openssl-1_1-1.1.0i-4.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openssl-1_1-1.1.0i-4.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
},
"product_reference": "openssl-1_1-1.1.0i-4.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:24:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0735"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0735",
"url": "https://www.suse.com/security/cve/CVE-2018-0735"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0735",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113651 for CVE-2018-0735",
"url": "https://bugzilla.suse.com/1113651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl-1_1-devel-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:libopenssl1_1-hmac-32bit-1.1.0i-4.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:openssl-1_1-1.1.0i-4.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-22T15:24:02Z",
"details": "moderate"
}
],
"title": "CVE-2018-0735"
}
]
}
SUSE-SU-2018:3945-1
Vulnerability from csaf_suse - Published: 2018-11-29 11:38 - Updated: 2018-11-29 11:38| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for openssl-1_1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for openssl-1_1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0734: Fixed timing vulnerability in DSA signature generation (bsc#1113652).\n- CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation (bsc#1113651).\n\nNon-security issues fixed:\n\n- Fixed infinite loop in DSA generation with incorrect parameters (bsc#1112209).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP4-2018-2812,SUSE-SLE-SDK-12-SP4-2018-2812,SUSE-SLE-SERVER-12-SP4-2018-2812",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3945-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3945-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183945-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3945-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183945-1.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112209",
"url": "https://bugzilla.suse.com/1112209"
},
{
"category": "self",
"summary": "SUSE Bug 1113651",
"url": "https://bugzilla.suse.com/1113651"
},
{
"category": "self",
"summary": "SUSE Bug 1113652",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0734 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0735 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0735/"
}
],
"title": "Security update for openssl-1_1",
"tracking": {
"current_release_date": "2018-11-29T11:38:54Z",
"generator": {
"date": "2018-11-29T11:38:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3945-1",
"initial_release_date": "2018-11-29T11:38:54Z",
"revision_history": [
{
"date": "2018-11-29T11:38:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"product_id": "libopenssl-1_1-devel-1.1.1-2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1-2.3.1.aarch64",
"product": {
"name": "libopenssl1_1-1.1.1-2.3.1.aarch64",
"product_id": "libopenssl1_1-1.1.1-2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"product": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"product_id": "libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1-2.3.1.ppc64le",
"product": {
"name": "libopenssl1_1-1.1.1-2.3.1.ppc64le",
"product_id": "libopenssl1_1-1.1.1-2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"product_id": "libopenssl-1_1-devel-1.1.1-2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1-2.3.1.s390x",
"product": {
"name": "libopenssl1_1-1.1.1-2.3.1.s390x",
"product_id": "libopenssl1_1-1.1.1-2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"product": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"product_id": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libopenssl1_1-1.1.1-2.3.1.x86_64",
"product": {
"name": "libopenssl1_1-1.1.1-2.3.1.x86_64",
"product_id": "libopenssl1_1-1.1.1-2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"product": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"product_id": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"product_id": "libopenssl-1_1-devel-1.1.1-2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64",
"product": {
"name": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64",
"product_id": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le"
},
"product_reference": "libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x"
},
"product_reference": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl1_1-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x"
},
"product_reference": "libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64"
},
"product_reference": "libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0734"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0734",
"url": "https://www.suse.com/security/cve/CVE-2018-0734"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113652 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113652"
},
{
"category": "external",
"summary": "SUSE Bug 1113742 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1113742"
},
{
"category": "external",
"summary": "SUSE Bug 1122198 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122198"
},
{
"category": "external",
"summary": "SUSE Bug 1122212 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1122212"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1148697 for CVE-2018-0734",
"url": "https://bugzilla.suse.com/1148697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-29T11:38:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-0734"
},
{
"cve": "CVE-2018-0735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0735"
}
],
"notes": [
{
"category": "general",
"text": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0735",
"url": "https://www.suse.com/security/cve/CVE-2018-0735"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-0735",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1113651 for CVE-2018-0735",
"url": "https://bugzilla.suse.com/1113651"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:libopenssl1_1-32bit-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-1.1.1-2.3.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:libopenssl-1_1-devel-32bit-1.1.1-2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-29T11:38:54Z",
"details": "moderate"
}
],
"title": "CVE-2018-0735"
}
]
}
ubuntu-cve-2018-0735
Vulnerability from osv_ubuntu
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl1.1",
"binary_version": "1.1.0g-2ubuntu4.3"
},
{
"binary_name": "openssl",
"binary_version": "1.1.0g-2ubuntu4.3"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "openssl",
"purl": "pkg:deb/ubuntu/openssl@1.1.0g-2ubuntu4.3?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.1.0g-2ubuntu4.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.0.2g-1ubuntu13",
"1.0.2g-1ubuntu14",
"1.0.2n-1ubuntu1",
"1.1.0g-2ubuntu1",
"1.1.0g-2ubuntu2",
"1.1.0g-2ubuntu3",
"1.1.0g-2ubuntu4",
"1.1.0g-2ubuntu4.1"
]
}
],
"aliases": [],
"details": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).",
"id": "UBUNTU-CVE-2018-0735",
"modified": "2026-04-22T07:38:28Z",
"published": "2018-10-29T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-0735"
},
{
"type": "REPORT",
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-3840-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0735"
}
],
"related": [
"USN-3840-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2018-0735"
]
}
VAR-201810-0933
Vulnerability from variot - Updated: 2024-11-23 20:01The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text.
For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1. Going forward, openssl security updates for stretch will be based on the 1.1.0x upstream releases.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Low: openssl security, bug fix, and enhancement update Advisory ID: RHSA-2019:3700-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3700 Issue date: 2019-11-05 CVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 =====================================================================
- Summary:
An update for openssl is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
The following packages have been upgraded to a later upstream version: openssl (1.1.1c).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Bugs fixed (https://bugzilla.redhat.com/):
1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1668880 - ec man page lists -modulus but the tool doesn't support it 1686058 - specifying digest for signing time-stamping responses is mandatory 1686548 - Incorrect handling of fragmented KeyUpdate messages 1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces 1697915 - Race/segmentation fault on process shutdown in OpenSSL 1706104 - openssl asn1parse crashes with double free or corruption (!prev) 1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random 1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default 1714245 - DSA ciphers in TLS don't work with SHA-1 signatures even in LEGACY level
- Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source: openssl-1.1.1c-2.el8.src.rpm
aarch64: openssl-1.1.1c-2.el8.aarch64.rpm openssl-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-debugsource-1.1.1c-2.el8.aarch64.rpm openssl-devel-1.1.1c-2.el8.aarch64.rpm openssl-libs-1.1.1c-2.el8.aarch64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm openssl-perl-1.1.1c-2.el8.aarch64.rpm
ppc64le: openssl-1.1.1c-2.el8.ppc64le.rpm openssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-debugsource-1.1.1c-2.el8.ppc64le.rpm openssl-devel-1.1.1c-2.el8.ppc64le.rpm openssl-libs-1.1.1c-2.el8.ppc64le.rpm openssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm openssl-perl-1.1.1c-2.el8.ppc64le.rpm
s390x: openssl-1.1.1c-2.el8.s390x.rpm openssl-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-debugsource-1.1.1c-2.el8.s390x.rpm openssl-devel-1.1.1c-2.el8.s390x.rpm openssl-libs-1.1.1c-2.el8.s390x.rpm openssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm openssl-perl-1.1.1c-2.el8.s390x.rpm
x86_64: openssl-1.1.1c-2.el8.x86_64.rpm openssl-debuginfo-1.1.1c-2.el8.i686.rpm openssl-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-debugsource-1.1.1c-2.el8.i686.rpm openssl-debugsource-1.1.1c-2.el8.x86_64.rpm openssl-devel-1.1.1c-2.el8.i686.rpm openssl-devel-1.1.1c-2.el8.x86_64.rpm openssl-libs-1.1.1c-2.el8.i686.rpm openssl-libs-1.1.1c-2.el8.x86_64.rpm openssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm openssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm openssl-perl-1.1.1c-2.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2018-0735 https://access.redhat.com/security/cve/CVE-2019-1543 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm eqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3 jXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/ thxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs 89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz hVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i WnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B MXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL uGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02 mPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY pdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F 82vSbeKouJA= =mdzd -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3840-1 December 06, 2018
openssl, openssl1.0 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2018-0734)
Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)
Billy Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri, and Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading (SMT) architectures are vulnerable to side-channel leakage. This issue is known as "PortSmash". (CVE-2018-5407)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: libssl1.0.0 1.0.2n-1ubuntu6.1 libssl1.1 1.1.1-1ubuntu2.1
Ubuntu 18.04 LTS: libssl1.0.0 1.0.2n-1ubuntu5.2 libssl1.1 1.1.0g-2ubuntu4.3
Ubuntu 16.04 LTS: libssl1.0.0 1.0.2g-1ubuntu4.14
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.27
After a standard system update you need to reboot your computer to make all the necessary changes.
Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.1 or 1.1.0 at this time. The fix is also available in commit b1d6d55ece (for 1.1.1) and commit 56fb454d28 (for 1.1.0) in the OpenSSL git repository.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20181029.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0933",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openssl",
"scope": "eq",
"trust": 1.8,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.24"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "11.3.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "vm virtualbox",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "5.2.24"
},
{
"model": "steelstore",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.4"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "0.9.8"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "cn1610",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.55"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "11.0.0"
},
{
"model": "smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "openssl",
"scope": "lte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0i"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "snapdrive",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "oncommand unified manager",
"scope": "gte",
"trust": 1.0,
"vendor": "netapp",
"version": "9.4"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "mysql",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.0"
},
{
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.0"
},
{
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": "eq",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6.42"
},
{
"model": "tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1.0.0"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.1"
},
{
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5.0"
},
{
"model": "vm virtualbox",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.0.0"
},
{
"model": "oncommand unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0.0"
},
{
"model": "mysql",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.13"
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "cn1610",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "cloud backup",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "oncommand unified manager core package",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "santricity smi-s provider",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "steelstore cloud integrated storage",
"scope": null,
"trust": 0.8,
"vendor": "netapp",
"version": null
},
{
"model": "node.js",
"scope": null,
"trust": 0.8,
"vendor": "node js",
"version": null
},
{
"model": "openssl",
"scope": "eq",
"trust": 0.8,
"vendor": "openssl",
"version": "1.1.0 to 1.1.0i"
},
{
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.1"
},
{
"model": "project openssl 1.1.0i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"model": "project openssl 1.1.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "105750"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:canonical:ubuntu_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:debian:debian_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:netapp:cn1610_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:netapp:cloud_backup",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:netapp:oncommand_unified_manager_core_package",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:netapp:santricity_smi-s_provider",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:netapp:steelstore_cloud_integrated_storage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nodejs:node.js",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:openssl:openssl",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Samuel Weiser.",
"sources": [
{
"db": "BID",
"id": "105750"
}
],
"trust": 0.3
},
"cve": "CVE-2018-0735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-0735",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-118937",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2018-0735",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-0735",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-0735",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-0735",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118937",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-0735",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118937"
},
{
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
},
{
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). OpenSSL is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. Going forward, openssl security updates for\nstretch will be based on the 1.1.0x upstream releases. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Low: openssl security, bug fix, and enhancement update\nAdvisory ID: RHSA-2019:3700-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:3700\nIssue date: 2019-11-05\nCVE Names: CVE-2018-0734 CVE-2018-0735 CVE-2019-1543 \n=====================================================================\n\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Low. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nThe following packages have been upgraded to a later upstream version:\nopenssl (1.1.1c). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1644356 - CVE-2018-0735 openssl: timing side channel attack in the ECDSA signature generation\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1668880 - ec man page lists -modulus but the tool doesn\u0027t support it\n1686058 - specifying digest for signing time-stamping responses is mandatory\n1686548 - Incorrect handling of fragmented KeyUpdate messages\n1695954 - CVE-2019-1543 openssl: ChaCha20-Poly1305 with long nonces\n1697915 - Race/segmentation fault on process shutdown in OpenSSL\n1706104 - openssl asn1parse crashes with double free or corruption (!prev)\n1706915 - OpenSSL should implement continuous random test or use the kernel AF_ALG interface for random\n1712023 - openssl pkcs12 uses certpbe algorithm not compliant with FIPS by default\n1714245 - DSA ciphers in TLS don\u0027t work with SHA-1 signatures even in LEGACY level\n\n6. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssl-1.1.1c-2.el8.src.rpm\n\naarch64:\nopenssl-1.1.1c-2.el8.aarch64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-debugsource-1.1.1c-2.el8.aarch64.rpm\nopenssl-devel-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-1.1.1c-2.el8.aarch64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.aarch64.rpm\nopenssl-perl-1.1.1c-2.el8.aarch64.rpm\n\nppc64le:\nopenssl-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-debugsource-1.1.1c-2.el8.ppc64le.rpm\nopenssl-devel-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-1.1.1c-2.el8.ppc64le.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.ppc64le.rpm\nopenssl-perl-1.1.1c-2.el8.ppc64le.rpm\n\ns390x:\nopenssl-1.1.1c-2.el8.s390x.rpm\nopenssl-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-debugsource-1.1.1c-2.el8.s390x.rpm\nopenssl-devel-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-1.1.1c-2.el8.s390x.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.s390x.rpm\nopenssl-perl-1.1.1c-2.el8.s390x.rpm\n\nx86_64:\nopenssl-1.1.1c-2.el8.x86_64.rpm\nopenssl-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-debugsource-1.1.1c-2.el8.i686.rpm\nopenssl-debugsource-1.1.1c-2.el8.x86_64.rpm\nopenssl-devel-1.1.1c-2.el8.i686.rpm\nopenssl-devel-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-1.1.1c-2.el8.i686.rpm\nopenssl-libs-1.1.1c-2.el8.x86_64.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.i686.rpm\nopenssl-libs-debuginfo-1.1.1c-2.el8.x86_64.rpm\nopenssl-perl-1.1.1c-2.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-0734\nhttps://access.redhat.com/security/cve/CVE-2018-0735\nhttps://access.redhat.com/security/cve/CVE-2019-1543\nhttps://access.redhat.com/security/updates/classification/#low\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzTdzjgjWX9erEAQjP6w/8D4eIfwgPbpKXdy3Y2kjmKhb9faqBJvHm\neqpG5tewJQBtRAPm/R7SesrMVKGUEDAuiSKydQlQn8nuRIWDsKw14+uLRN7AyTQ3\njXy0pnp+C7O1hyJnwNEiXo9ZgUaXMMXLGyTk8v9gnzA/HYpZX1c4g4FXHf0ycBi/\nthxllEiJx6CrEO3pszYzu1Lt9GFMOAJPvwbiW0S7mVmsNCI4n+5OfeNzmURXdObs\n89/XCFrQO3CDAh3SXCZa08Ie8px7Aq8slmNWOswhlqIYkUWGUbICIpqW1+4XyAqz\nhVP8iqTY7TRwBPB0zoqmO5cxMY+jqMk/LphG+oTOF+ZA7YZH3bjDxJisCOr+ys+i\nWnTYAl1KFBqo5uhH4dBzNH2EE5PeiwKNKqu6Wws1qOblTFXb3AYSHsqLv6VB0m1B\nMXcUXrjSMwelSVAgK1eekJsYqCr3lT1+N8cA8P/sgT/DzGTNJhcoCE/OeJCUVBZL\nuGhke48CUs3GvXCKP0+PDpINRRllGwVqkkCQ7LtsXoB0hGaaGt+CNCd3aQj8rf02\nmPi2Vab7CjBLUn1QGiNigLF4X4rKZlxiBcHDByyHdeCW+zHvGod7ksmJKXmHujvY\npdg6toj/our0hhQp2dPTXFPKFtkO7GIIe19i+OZ6Rn0niVxSQbshiXyFFsvgZN0F\n82vSbeKouJA=\n=mdzd\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3840-1\nDecember 06, 2018\n\nopenssl, openssl1.0 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSL. (CVE-2018-0734)\n\nSamuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. This issue only affected Ubuntu\n18.04 LTS and Ubuntu 18.10. (CVE-2018-0735)\n\nBilly Bob Brumley, Cesar Pereida Garcia, Sohaib ul Hassan, Nicola Tuveri,\nand Alejandro Cabrera Aldaya discovered that Simultaneous Multithreading\n(SMT) architectures are vulnerable to side-channel leakage. This issue is\nknown as \"PortSmash\". (CVE-2018-5407)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n libssl1.0.0 1.0.2n-1ubuntu6.1\n libssl1.1 1.1.1-1ubuntu2.1\n\nUbuntu 18.04 LTS:\n libssl1.0.0 1.0.2n-1ubuntu5.2\n libssl1.1 1.1.0g-2ubuntu4.3\n\nUbuntu 16.04 LTS:\n libssl1.0.0 1.0.2g-1ubuntu4.14\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.27\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nDue to the low severity of this issue we are not issuing a new release\nof OpenSSL 1.1.1 or 1.1.0 at this time. The fix\nis also available in commit b1d6d55ece (for 1.1.1) and commit 56fb454d28\n(for 1.1.0) in the OpenSSL git repository. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181029.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0735"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "BID",
"id": "105750"
},
{
"db": "VULHUB",
"id": "VHN-118937"
},
{
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155160"
},
{
"db": "PACKETSTORM",
"id": "150683"
},
{
"db": "PACKETSTORM",
"id": "169669"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0735",
"trust": 3.3
},
{
"db": "BID",
"id": "105750",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1041986",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1395",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0514",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1119",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0473",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0529",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3390.4",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118937",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-0735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150561",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155160",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150683",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169669",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118937"
},
{
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"db": "BID",
"id": "105750"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155160"
},
{
"db": "PACKETSTORM",
"id": "150683"
},
{
"db": "PACKETSTORM",
"id": "169669"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
},
{
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"id": "VAR-201810-0933",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118937"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:01:17.641000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[SECURITY] [DLA 1586-1] openssl security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"title": "DSA-4348",
"trust": 0.8,
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"title": "Timing vulnerability in ECDSA signature generation (CVE-2018-0735)(56fb454)",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"title": "Timing vulnerability in ECDSA signature generation (CVE-2018-0735)(b1d6d55)",
"trust": 0.8,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"title": "NTAP-20181105-0002",
"trust": 0.8,
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"title": "November 2018 Security Releases",
"trust": 0.8,
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"title": "Timing vulnerability in ECDSA signature generation (CVE-2018-0735)",
"trust": 0.8,
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"title": "USN-3840-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"title": "OpenSSL Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86394"
},
{
"title": "Red Hat: Low: openssl security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20193700 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: openssl, openssl1.0 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3840-1"
},
{
"title": "Red Hat: CVE-2018-0735",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-0735"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-0735"
},
{
"title": "Arch Linux Advisories: [ASA-201812-6] lib32-openssl: private key recovery",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201812-6"
},
{
"title": "Arch Linux Advisories: [ASA-201812-5] openssl: private key recovery",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201812-5"
},
{
"title": "IBM: Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=11a896cf16b3849254ae662b7748b708"
},
{
"title": "Debian Security Advisories: DSA-4348-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=322bd50b7b929759e38c99b73122a852"
},
{
"title": "IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=efdce9b94f89918f3f2b2dfc69780ccd"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=d04b79d120c8d1de061ffc3f57258fcb"
},
{
"title": "IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c829d56f5888779e791387897875c4b4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 Node.js",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2e571e7bc5566212c3e69e37ecfa5ad4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Software",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=2bd72b857f21f300d83d07a791be44cf"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=dce787e9d669a768893a91801bf5eea4"
},
{
"title": "IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM\u00ae SDK for Node.js\u2122 in IBM Cloud",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=26f585287da19915b94b6cae2d1b864f"
},
{
"title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM\u00ae Cloud Private \u2013 fluentd",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=60de0933c28b353f38df30120aa2a908"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=f655264a6935505d167bbf45f409a57b"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864"
},
{
"title": "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches \u2013 Release 1801-v",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=413b5f9466c1ebf3ab090a45e189b43e"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2018-0735 "
},
{
"title": "vyger",
"trust": 0.1,
"url": "https://github.com/mrodden/vyger "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.1
},
{
"problemtype": "CWE-320",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118937"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/105750"
},
{
"trust": 2.2,
"url": "https://www.openssl.org/news/secadv/20181029.txt"
},
{
"trust": 2.0,
"url": "https://access.redhat.com/errata/rhsa-2019:3700"
},
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"trust": 1.8,
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20181105-0002/"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1041986"
},
{
"trust": 1.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"trust": 1.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0735"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"trust": 0.7,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"trust": 0.6,
"url": "https://support.symantec.com/us/en/article.symsa1490.html"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10876540"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0529/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869830"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10792231"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143442"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/78342"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1169932"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75618"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10873310"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75802"
},
{
"trust": 0.3,
"url": "https://github.com/openssl/openssl/commit/56fb454d281a023b3f950d969693553d3f3ceea1"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://github.com/openssl/openssl/commit/b1d6d55ece1c26fa2829e2b819b038d7b6d692b4"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/vulnerabilities.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/327.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2018-0735"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59068"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openssl"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0735"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-1543"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.2g-1ubuntu4.14"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.27"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.1.0g-2ubuntu4.3"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3840-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu6.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.2"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118937"
},
{
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"db": "BID",
"id": "105750"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155160"
},
{
"db": "PACKETSTORM",
"id": "150683"
},
{
"db": "PACKETSTORM",
"id": "169669"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
},
{
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118937"
},
{
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"db": "BID",
"id": "105750"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155160"
},
{
"db": "PACKETSTORM",
"id": "150683"
},
{
"db": "PACKETSTORM",
"id": "169669"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
},
{
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-29T00:00:00",
"db": "VULHUB",
"id": "VHN-118937"
},
{
"date": "2018-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"date": "2018-10-29T00:00:00",
"db": "BID",
"id": "105750"
},
{
"date": "2019-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"date": "2018-12-03T21:06:37",
"db": "PACKETSTORM",
"id": "150561"
},
{
"date": "2019-11-06T15:56:37",
"db": "PACKETSTORM",
"id": "155160"
},
{
"date": "2018-12-07T01:03:36",
"db": "PACKETSTORM",
"id": "150683"
},
{
"date": "2018-10-29T12:12:12",
"db": "PACKETSTORM",
"id": "169669"
},
{
"date": "2018-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1395"
},
{
"date": "2018-10-29T13:29:00.263000",
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-118937"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2018-0735"
},
{
"date": "2018-10-29T00:00:00",
"db": "BID",
"id": "105750"
},
{
"date": "2019-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014030"
},
{
"date": "2020-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1395"
},
{
"date": "2024-11-21T03:38:50.413000",
"db": "NVD",
"id": "CVE-2018-0735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL ECDSA Vulnerabilities related to key management errors in signature algorithms",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014030"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1395"
}
],
"trust": 0.6
}
}
WID-SEC-W-2023-3084
Vulnerability from csaf_certbund - Published: 2018-10-28 23:00 - Updated: 2024-11-25 23:00Es existiert eine Schwachstelle in OpenSSL. Der OpenSSL ECDSA-Signaturalgorithmus ist anfällig für einen Timing-Seitenkanalangriff. Ein Angreifer kann Variationen im Signaturalgorithmus verwenden, um den privaten Schlüssel offenzulegen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NetApp OnCommand Unified Manager
NetApp
|
cpe:/a:netapp:oncommand_unified_manager:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Open Source OpenSSL <1.1.0j
Open Source / OpenSSL
|
<1.1.0j | ||
|
Open Source OpenSSL <1.1.1a
Open Source / OpenSSL
|
<1.1.1a | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSL ist eine im Quelltext frei verf\u00fcgbare Bibliothek, die Secure Sockets Layer (SSL) und Transport Layer Security (TLS) implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSL ausnutzen, um den privaten Schl\u00fcssesl offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-3084 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2018/wid-sec-w-2023-3084.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-3084 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3084"
},
{
"category": "external",
"summary": "OpenSSL Security Advisory vom 2018-10-28",
"url": "http://www.openssl.org/news/secadv/20181029.txt"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3863-1 vom 2018-11-23",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183863-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2018:3945-1 vom 2018-11-30",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183945-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-4348 vom 2018-12-01",
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3840-1 vom 2018-12-07",
"url": "http://www.ubuntu.com/usn/usn-3840-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2019:3700 vom 2019-11-05",
"url": "https://access.redhat.com/errata/RHSA-2019:3700"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2021-9121 vom 2021-04-06",
"url": "https://linux.oracle.com/errata/ELSA-2021-9121.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13027 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13027.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-32791 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-32791.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-32790 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-32790.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13026 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13026.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13024 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13024.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2023-13025 vom 2023-12-07",
"url": "https://linux.oracle.com/errata/ELSA-2023-13025.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-12842 vom 2024-11-25",
"url": "https://linux.oracle.com/errata/ELSA-2024-12842.html"
}
],
"source_lang": "en-US",
"title": "OpenSSL: Schwachstelle erm\u00f6glicht die Offenlegung des privaten Schl\u00fcssels",
"tracking": {
"current_release_date": "2024-11-25T23:00:00.000+00:00",
"generator": {
"date": "2024-11-26T09:25:04.270+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2023-3084",
"initial_release_date": "2018-10-28T23:00:00.000+00:00",
"revision_history": [
{
"date": "2018-10-28T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2018-11-05T23:00:00.000+00:00",
"number": "2",
"summary": "Added references"
},
{
"date": "2018-11-07T23:00:00.000+00:00",
"number": "3",
"summary": "Produkt erg\u00e4nzt"
},
{
"date": "2018-11-22T23:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2018-11-29T23:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2018-12-02T23:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2018-12-06T23:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2019-01-15T23:00:00.000+00:00",
"number": "8",
"summary": "Referenz(en) aufgenommen: FEDORA-2019-A8FFCFF7EE"
},
{
"date": "2019-11-05T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2021-04-06T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2023-12-07T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-25T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp OnCommand Unified Manager",
"product": {
"name": "NetApp OnCommand Unified Manager",
"product_id": "T009408",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:oncommand_unified_manager:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.1.1a",
"product": {
"name": "Open Source OpenSSL \u003c1.1.1a",
"product_id": "T013003"
}
},
{
"category": "product_version",
"name": "1.1.1a",
"product": {
"name": "Open Source OpenSSL 1.1.1a",
"product_id": "T013003-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.1a"
}
}
},
{
"category": "product_version_range",
"name": "\u003c1.1.0j",
"product": {
"name": "Open Source OpenSSL \u003c1.1.0j",
"product_id": "T013004"
}
},
{
"category": "product_version",
"name": "1.1.0j",
"product": {
"name": "Open Source OpenSSL 1.1.0j",
"product_id": "T013004-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openssl:openssl:1.1.0j"
}
}
}
],
"category": "product_name",
"name": "OpenSSL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-0735",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in OpenSSL. Der OpenSSL ECDSA-Signaturalgorithmus ist anf\u00e4llig f\u00fcr einen Timing-Seitenkanalangriff. Ein Angreifer kann Variationen im Signaturalgorithmus verwenden, um den privaten Schl\u00fcssel offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"T009408",
"67646",
"T000126",
"T013004",
"T013003",
"T004914"
]
},
"release_date": "2018-10-28T23:00:00.000+00:00",
"title": "CVE-2018-0735"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.