VAR-201811-0912
Vulnerability from variot - Updated: 2026-03-09 22:49Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. OpenSSL is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This vulnerability stems from configuration errors in network systems or products during operation. OpenSSL Security Advisory [12 November 2018] ============================================
Microarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)
Severity: Low
OpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown to be vulnerable to a microarchitecture timing side channel attack. An attacker with sufficient access to mount local timing attacks during ECDSA signature generation could recover the private key.
This issue does not impact OpenSSL 1.1.1 and is already fixed in the latest version of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low severity of this issue we are not creating a new release at this time. The 1.0.2 mitigation for this issue can be found in commit b18162a7c.
OpenSSL 1.1.0 users should upgrade to 1.1.0i.
This issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera Aldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri.
Note
OpenSSL 1.1.0 is currently only receiving security updates. Support for this version will end on 11th September 2019. Users of this version should upgrade to OpenSSL 1.1.1.
References
URL for this Security Advisory: https://www.openssl.org/news/secadv/20181112.txt
Note: the online version of the advisory may be updated with additional details over time.
For details of OpenSSL severity classifications please see: https://www.openssl.org/policies/secpolicy.html .
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 ( Security fix ) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz
Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz
Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz
Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz
Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz
Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz
Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz
Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the packages as root:
upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html
- Description:
This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security Fix(es):
- openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) * openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to race condition (CVE-2019-0217) * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) * mod_session_cookie does not respect expiry time (CVE-2018-17199) * mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) * mod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2: read-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511) * nghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for large response leads to denial of service (CVE-2019-9517)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):
1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:0483-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0483 Issue date: 2019-03-12 CVE Names: CVE-2018-5407 ==================================================================== 1. Summary:
An update for openssl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
- openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
-
Perform the RSA signature self-tests with SHA-256 (BZ#1673914)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
ppc64: openssl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm
ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
aarch64: openssl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm openssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm
ppc64le: openssl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-1.0.2k-16.el7_6.1.s390x.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-devel-1.0.2k-16.el7_6.1.s390.rpm openssl-devel-1.0.2k-16.el7_6.1.s390x.rpm openssl-libs-1.0.2k-16.el7_6.1.s390.rpm openssl-libs-1.0.2k-16.el7_6.1.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm openssl-static-1.0.2k-16.el7_6.1.ppc.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64.rpm
ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: openssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm openssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm openssl-static-1.0.2k-16.el7_6.1.aarch64.rpm
ppc64le: openssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm openssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm
s390x: openssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm openssl-perl-1.0.2k-16.el7_6.1.s390x.rpm openssl-static-1.0.2k-16.el7_6.1.s390.rpm openssl-static-1.0.2k-16.el7_6.1.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: openssl-1.0.2k-16.el7_6.1.src.rpm
x86_64: openssl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-devel-1.0.2k-16.el7_6.1.i686.rpm openssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm openssl-libs-1.0.2k-16.el7_6.1.i686.rpm openssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: openssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm openssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm openssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm openssl-static-1.0.2k-16.el7_6.1.i686.rpm openssl-static-1.0.2k-16.el7_6.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-5407 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx 6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z w7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ GncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO 4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT mXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF atGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof Gs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT kzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1 38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa qwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX t5ytPgxAFC4=jvvo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
For the stable distribution (stretch), these problems have been fixed in version 1.1.0j-1~deb9u1.
For the detailed security status of openssl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8 TjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6 Udto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj 45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ VXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2 Dwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx /qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn q+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/ u8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM 9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT 7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61 P2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji -----END PGP SIGNATURE----- . Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.12.3"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "4.1.2"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "6.14.4"
},
{
"_id": null,
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.0.0"
},
{
"_id": null,
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.2"
},
{
"_id": null,
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.0.0.0"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"_id": null,
"model": "vm virtualbox",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.2"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "18.8"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"_id": null,
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "0.9.8"
},
{
"_id": null,
"model": "nessus",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "8.1.1"
},
{
"_id": null,
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.55"
},
{
"_id": null,
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2q"
},
{
"_id": null,
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"_id": null,
"model": "application server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.0.0"
},
{
"_id": null,
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "8.11.4"
},
{
"_id": null,
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0i"
},
{
"_id": null,
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.1.2.4.0"
},
{
"_id": null,
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.3.3"
},
{
"_id": null,
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.10"
},
{
"_id": null,
"model": "tuxedo",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.1.0.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "15.1"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "16.1"
},
{
"_id": null,
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.1.0.5.0"
},
{
"_id": null,
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.6"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"_id": null,
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3.0.0.0"
},
{
"_id": null,
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.9.0"
},
{
"_id": null,
"model": "primavera p6 enterprise project portfolio management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.4"
},
{
"_id": null,
"model": "mysql enterprise backup",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.12.4"
},
{
"_id": null,
"model": "openssl",
"scope": "eq",
"trust": 0.6,
"vendor": "openssl",
"version": "1.1.0h"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "8.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "8.0"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.2.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.2.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.1.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.1.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.1.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.9.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.9"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.8"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.7"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.6.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.6.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.6"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5.6"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5.5"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5.4"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.5"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.4.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.4.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.4.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.4"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.7"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.6"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.5"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.4"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.2.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.1.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.1.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.0.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.0.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.0"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "5.2.7"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "5.2.4"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "5.2.3"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "1.0.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "7.0"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.9.2"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "6.9.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "4.4.1"
},
{
"_id": null,
"model": "nessus",
"scope": "eq",
"trust": 0.3,
"vendor": "tenable",
"version": "3.0.3"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"_id": null,
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.4"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"_id": null,
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"_id": null,
"model": "project openssl",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "project openssl 1.1.0h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.1.0a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2p",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2n",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2m",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2l-git",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2l",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2k",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2j",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2i",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2h",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2g",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2f",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2e",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2d",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2c",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2b",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2a",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2-1.0.2o",
"scope": null,
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl beta1",
"scope": "eq",
"trust": 0.3,
"vendor": "openssl",
"version": "1.0.2"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.14"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.4.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.50"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.4"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.3"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.2"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.3.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.6"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.5"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.4"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.2.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.9"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.8"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.3"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.1"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.1.0"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.13"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.12"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.11"
},
{
"_id": null,
"model": "vios",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2.0.10"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"_id": null,
"model": "aix",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"_id": null,
"model": "nessus",
"scope": "ne",
"trust": 0.3,
"vendor": "tenable",
"version": "8.1.1"
},
{
"_id": null,
"model": "project openssl",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": "1.1.1"
},
{
"_id": null,
"model": "project openssl 1.1.0i",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
},
{
"_id": null,
"model": "project openssl 1.0.2q",
"scope": "ne",
"trust": 0.3,
"vendor": "openssl",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "105897"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
},
{
"db": "NVD",
"id": "CVE-2018-5407"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "152240"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "152071"
},
{
"db": "PACKETSTORM",
"id": "155415"
}
],
"trust": 0.6
},
"cve": "CVE-2018-5407",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2018-5407",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-135438",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2018-5407",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5407",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-279",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135438",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135438"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
},
{
"db": "NVD",
"id": "CVE-2018-5407"
}
]
},
"description": {
"_id": null,
"data": "Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on \u0027port contention\u0027. OpenSSL is prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. This vulnerability stems from configuration errors in network systems or products during operation. OpenSSL Security Advisory [12 November 2018]\n============================================\n\nMicroarchitecture timing vulnerability in ECC scalar multiplication (CVE-2018-5407)\n===================================================================================\n\nSeverity: Low\n\nOpenSSL ECC scalar multiplication, used in e.g. ECDSA and ECDH, has been shown\nto be vulnerable to a microarchitecture timing side channel attack. An attacker\nwith sufficient access to mount local timing attacks during ECDSA signature\ngeneration could recover the private key. \n\nThis issue does not impact OpenSSL 1.1.1 and is already fixed in the latest\nversion of OpenSSL 1.1.0 (1.1.0i). OpenSSL 1.0.2 is affected but due to the low\nseverity of this issue we are not creating a new release at this time. The 1.0.2\nmitigation for this issue can be found in commit b18162a7c. \n\nOpenSSL 1.1.0 users should upgrade to 1.1.0i. \n\nThis issue was reported to OpenSSL on 26th October 2018 by Alejandro Cabrera\nAldaya, Billy Brumley, Sohaib ul Hassan, Cesar Pereida Garcia and Nicola Tuveri. \n\nNote\n====\n\nOpenSSL 1.1.0 is currently only receiving security updates. Support for this\nversion will end on 11th September 2019. Users of this version should upgrade to\nOpenSSL 1.1.1. \n\nReferences\n==========\n\nURL for this Security Advisory:\nhttps://www.openssl.org/news/secadv/20181112.txt\n\nNote: the online version of the advisory may be updated with additional details\nover time. \n\nFor details of OpenSSL severity classifications please see:\nhttps://www.openssl.org/policies/secpolicy.html\n. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734\n (* Security fix *)\npatches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. \n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nUpdated packages for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nUpdated packages for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nUpdated packages for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.0 packages:\ne6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz\nc61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 packages:\n96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz\nb7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz\n\nSlackware 14.1 packages:\n099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz\nb5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 packages:\nfc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz\ne873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz\n\nSlackware 14.2 packages:\nd5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz\n594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz\n0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz\n\nSlackware -current packages:\n6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz\n6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz\n\nSlackware x86_64 -current packages:\neb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz\n12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 packages that are part\nof the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.29 and includes bug fixes and enhancements. Refer to the\nRelease Notes for information on the most significant bug fixes and\nenhancements included in this release. \n\nSecurity Fix(es):\n\n* openssl: RSA key generation cache timing vulnerability in\ncrypto/rsa/rsa_gen.c allows attackers to recover private keys\n(CVE-2018-0737) * openssl: timing side channel attack in the DSA signature\nalgorithm (CVE-2018-0734) * mod_auth_digest: access control bypass due to\nrace condition (CVE-2019-0217) * openssl: Side-channel vulnerability on\nSMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407) *\nmod_session_cookie does not respect expiry time (CVE-2018-17199) *\nmod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189) *\nmod_http2: possible crash on late upgrade (CVE-2019-0197) * mod_http2:\nread-after-free on a string compare (CVE-2019-0196) * nghttp2: HTTP/2:\nlarge amount of data request leads to denial of service (CVE-2019-9511) *\nnghttp2: HTTP/2: flood using PRIORITY frames resulting in excessive\nresource consumption (CVE-2019-9513) * mod_http2: HTTP/2: 0-length headers\nleads to denial of service (CVE-2019-9516) * mod_http2: HTTP/2: request for\nlarge response leads to denial of service (CVE-2019-9517)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. After installing the updated\npackages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/):\n\n1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys\n1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm\n1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)\n1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time\n1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies\n1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition\n1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare\n1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade\n1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption\n1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service\n1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service\n1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: openssl security and bug fix update\nAdvisory ID: RHSA-2019:0483-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0483\nIssue date: 2019-03-12\nCVE Names: CVE-2018-5407\n====================================================================\n1. Summary:\n\nAn update for openssl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. \n\nSecurity Fix(es):\n\n* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures\n(PortSmash) (CVE-2018-5407)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. \n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nppc64:\nopenssl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\naarch64:\nopenssl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.aarch64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.aarch64.rpm\n\nppc64le:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.ppc64le.rpm\nopenssl-static-1.0.2k-16.el7_6.1.ppc64le.rpm\n\ns390x:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.s390x.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390.rpm\nopenssl-static-1.0.2k-16.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nopenssl-1.0.2k-16.el7_6.1.src.rpm\n\nx86_64:\nopenssl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-devel-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-libs-1.0.2k-16.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nopenssl-debuginfo-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-debuginfo-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-perl-1.0.2k-16.el7_6.1.x86_64.rpm\nopenssl-static-1.0.2k-16.el7_6.1.i686.rpm\nopenssl-static-1.0.2k-16.el7_6.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-5407\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIj7zdzjgjWX9erEAQiieQ//TzEytTXxxzNqnsMz3yxbDgb1jni0dPYx\n6If80sSKu32kPgoTUgTcoJ27jUIpupYHJj3ml1zhF0zTqMAd2fYXkl2/0HSzbX6z\nw7FKXiRuzoA8JNG+bbqNjLhwsJBP4Avqfi/S9Z/s/0v93ep54Aqo9pmxfZYJuUMQ\nGncD2JcidZXLm1sky4PFl59D94szXdRkkzS3xxYcp37dyAUxwqOyzDPwbDA4q3CO\n4+TBL1hevmm5FSJjp/Bux70iEXubT+aGRM7Ab1Qex1h6rZjOfEgZabLOAJL9feGT\nmXPnML6DW96C4W9urZJZZcYJcZ34MfeH7TjaFKjfKeDIlb0fzdGuDqsrUXi95GjF\natGtjkXsu5n2Nh3QQNvTRs5N+0w1PSp5VMlrQbeizE0FQVH60z6EUUGlcKEQglof\nGs+pRtn7e9R/ncCNOrGAW0QbkmCGge3cg/kYlrJTt5dvQH1oSuG49ZqowG5It4vT\nkzIIDIhxrQrHE23eV7O1g48nV8/rPIZI6W2UuYs4sgQuWAtHx1gncWGXwiWRNtn1\n38Iqnd+UBpxwBgb+fYYwZ54SOpLXGeUa1pR+ZV2+ToEmGM1yHQ+DMVKhRlAojKYa\nqwSvm7HPdu7ceUkW3HTOwU8llXOGmXJ0UIr+reqIJBemRg/24NeHZ20a9qMeybEX\nt5ytPgxAFC4=jvvo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1.1.0j-1~deb9u1. \n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwBuAcACgkQEMKTtsN8\nTjZbBw/+MOB5+pZbCHHXyH3IeD+yj+tSPvmNc3SCwdEtUxGXr0ZX7TKHfaLs/8s6\nUdto0K8a1FvjrcUQCfhnFpNcSAv9pxX13Fr6Pd560miIfAu9/5jAqiCufCoiz+xj\n45LNJGlaxxaFjgBGCitZSJA0Fc4SM6v5XFyJfR3kChdQ/3kGQbbMNAp16Fy3ZsxJ\nVXwviomUxmmmdvjxyhifTIpuwr9OiJSQ+13etQjTDQ3pzSbLBPSOxmpV0vPIC7I2\nDwa4zuQXA/DF4G6l8T4rXCwCN4e4pwbTc8bbCjXeZK+iVAhnRD6wXlS3cc5IVAzx\n/qTa89LZU8B6ylcB6nodeAHLuZTC3Le8ndoxYz5S2/jHZMM/jCQNHYJemHWNbOqn\nq+e5W0D1fIVLiLoL/iHW5XhN6yJY2Ma7zjXMRBnkzJA9CTNIKgUjrSFz0Ud+wIM/\nu8QhNPwZ0hPd5IfSgIyWqmuQ5XzFYqAQvwT1gUJiK7tIvuT0VsSyKVaSZVbi4yrM\n9sxkZaP1UNLcTVCFw6A0KFwhb9z6kQtyH1MRkFPphmnb8jlHA3cTdPJkFUBi3VaT\n7izThm5/mVLbAjZ8X7nkqnzWzmc885j0ml3slDd/MOVWB5CD3vFAcI8k3VZr3A61\nP2gNSN6UbAbLMGsxgs3hYUHgazi7MdXJ/aNavjGSbYBNL780Iaw=3Qji\n-----END PGP SIGNATURE-----\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5407"
},
{
"db": "BID",
"id": "105897"
},
{
"db": "VULHUB",
"id": "VHN-135438"
},
{
"db": "PACKETSTORM",
"id": "169678"
},
{
"db": "PACKETSTORM",
"id": "150437"
},
{
"db": "PACKETSTORM",
"id": "152240"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "152071"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155415"
}
],
"trust": 2.07
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-135438",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135438"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-5407",
"trust": 2.9
},
{
"db": "TENABLE",
"id": "TNS-2018-16",
"trust": 2.0
},
{
"db": "BID",
"id": "105897",
"trust": 2.0
},
{
"db": "TENABLE",
"id": "TNS-2018-17",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "45785",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "152084",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "155414",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.0514",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4293",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0644.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0696",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0811",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0481",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0529",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3390.4",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155413",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152240",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "152071",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "155415",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "150138",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152241",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169678",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150437",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "155417",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150561",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135438"
},
{
"db": "BID",
"id": "105897"
},
{
"db": "PACKETSTORM",
"id": "169678"
},
{
"db": "PACKETSTORM",
"id": "150437"
},
{
"db": "PACKETSTORM",
"id": "152240"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "152071"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
},
{
"db": "NVD",
"id": "CVE-2018-5407"
}
]
},
"id": "VAR-201811-0912",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135438"
}
],
"trust": 0.01
},
"last_update_date": "2026-03-09T22:49:51.465000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-203",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135438"
},
{
"db": "NVD",
"id": "CVE-2018-5407"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:0483"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3929"
},
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:3931"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/105897"
},
{
"trust": 2.0,
"url": "https://www.tenable.com/security/tns-2018-16"
},
{
"trust": 2.0,
"url": "https://github.com/bbbrumley/portsmash"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0652"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3932"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2019:3935"
},
{
"trust": 1.7,
"url": "https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20181126-0001/"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/tns-2018-17"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4348"
},
{
"trust": 1.7,
"url": "https://www.debian.org/security/2018/dsa-4355"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45785/"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/201903-10"
},
{
"trust": 1.7,
"url": "https://eprint.iacr.org/2018/1060.pdf"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:0651"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:2125"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2019:3933"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/3840-1/"
},
{
"trust": 1.0,
"url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp%3butm_medium=rss"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2018-5407"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5407"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026utm_medium=rss"
},
{
"trust": 0.6,
"url": "https://support.symantec.com/us/en/article.symsa1490.html"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1096270"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106139"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106487"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106553"
},
{
"trust": 0.6,
"url": "http://www.ibm.com/support/docview.wss"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75658"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0696"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/76338"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1106493"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4405/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0529/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152084/gentoo-linux-security-advisory-201903-10.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4293/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10869830"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77062"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1143442"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/1118487"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10870936"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3390.4/"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/"
},
{
"trust": 0.6,
"url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10873310"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75802"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.5,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://www.openssl.org/news/secadv/20181112.txt"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0734"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/cl102.txt"
},
{
"trust": 0.3,
"url": "http://openssl.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1645695"
},
{
"trust": 0.3,
"url": "https://www.openssl.org/news/openssl-1.0.2-notes.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html"
},
{
"trust": 0.3,
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0737"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9513"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9511"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9517"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0737"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17199"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9516"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-9513"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0217"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0197"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-17189"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9516"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2018-0734"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-10072"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-0221"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1559"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-1559"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0221"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10072"
},
{
"trust": 0.1,
"url": "https://support.f5.com/csp/article/k49711130?utm_source=f5support\u0026amp;amp;utm_medium=rss"
},
{
"trust": 0.1,
"url": "https://www.openssl.org/policies/secpolicy.html"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734"
},
{
"trust": 0.1,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407"
},
{
"trust": 0.1,
"url": "http://slackware.com"
},
{
"trust": 0.1,
"url": "http://osuosl.org)"
},
{
"trust": 0.1,
"url": "http://slackware.com/gpg-key"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/release-notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3838"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3835"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-3835"
},
{
"trust": 0.1,
"url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0732"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/openssl"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/5.2/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135438"
},
{
"db": "BID",
"id": "105897"
},
{
"db": "PACKETSTORM",
"id": "169678"
},
{
"db": "PACKETSTORM",
"id": "150437"
},
{
"db": "PACKETSTORM",
"id": "152240"
},
{
"db": "PACKETSTORM",
"id": "155414"
},
{
"db": "PACKETSTORM",
"id": "155417"
},
{
"db": "PACKETSTORM",
"id": "155413"
},
{
"db": "PACKETSTORM",
"id": "152071"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "PACKETSTORM",
"id": "155415"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
},
{
"db": "NVD",
"id": "CVE-2018-5407"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-135438",
"ident": null
},
{
"db": "BID",
"id": "105897",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "169678",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150437",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152240",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155417",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155413",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "152071",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "150561",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "155415",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-5407",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-135438",
"ident": null
},
{
"date": "2018-10-30T00:00:00",
"db": "BID",
"id": "105897",
"ident": null
},
{
"date": "2018-11-12T12:12:12",
"db": "PACKETSTORM",
"id": "169678",
"ident": null
},
{
"date": "2018-11-22T23:23:23",
"db": "PACKETSTORM",
"id": "150437",
"ident": null
},
{
"date": "2019-03-27T00:33:09",
"db": "PACKETSTORM",
"id": "152240",
"ident": null
},
{
"date": "2019-11-20T23:02:22",
"db": "PACKETSTORM",
"id": "155414",
"ident": null
},
{
"date": "2019-11-20T21:11:11",
"db": "PACKETSTORM",
"id": "155417",
"ident": null
},
{
"date": "2019-11-20T20:32:22",
"db": "PACKETSTORM",
"id": "155413",
"ident": null
},
{
"date": "2019-03-13T14:25:37",
"db": "PACKETSTORM",
"id": "152071",
"ident": null
},
{
"date": "2018-12-03T21:06:37",
"db": "PACKETSTORM",
"id": "150561",
"ident": null
},
{
"date": "2019-11-20T20:44:44",
"db": "PACKETSTORM",
"id": "155415",
"ident": null
},
{
"date": "2018-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-279",
"ident": null
},
{
"date": "2018-11-15T21:29:00.233000",
"db": "NVD",
"id": "CVE-2018-5407",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-135438",
"ident": null
},
{
"date": "2019-01-17T10:00:00",
"db": "BID",
"id": "105897",
"ident": null
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-279",
"ident": null
},
{
"date": "2024-11-21T04:08:45.530000",
"db": "NVD",
"id": "CVE-2018-5407",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "local",
"sources": [
{
"db": "BID",
"id": "105897"
},
{
"db": "PACKETSTORM",
"id": "169678"
},
{
"db": "PACKETSTORM",
"id": "150561"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
}
],
"trust": 1.1
},
"title": {
"_id": null,
"data": "OpenSSL Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-279"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.