PublicDateAtUSN: 2018-06-13
Candidate: CVE-2018-0495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
https://usn.ubuntu.com/usn/usn-3689-1
https://usn.ubuntu.com/usn/usn-3689-2
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache
side-channel attack on ECDSA signatures that can be mitigated through the
use of blinding during the signing process in the _gcry_ecc_ecdsa_sign
function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem
or ROHNP. To discover an ECDSA key, the attacker needs access to either the
local machine or a different virtual machine on the same physical host.
https://dev.gnupg.org/T4011
Discovered-by: Keegan Ryan
upstream: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
upstream_libgcrypt20: released (1.7.10,1.8.3)
precise/esm_libgcrypt20: DNE
trusty_libgcrypt20: needed
xenial_libgcrypt20: released (1.6.5-2ubuntu0.5)
artful_libgcrypt20: released (1.7.8-2ubuntu1.1)
bionic_libgcrypt20: released (1.8.1-4ubuntu1.1)
devel_libgcrypt20: needed
upstream_libgcrypt11: needs-triage
precise/esm_libgcrypt11: released (1.5.0-3ubuntu0.8)
trusty_libgcrypt11: released (1.5.3-2ubuntu4.6)
vivid/ubuntu-core_libgcrypt11: DNE
xenial_libgcrypt11: DNE
yakkety_libgcrypt11: DNE
zesty_libgcrypt11: DNE
artful_libgcrypt11: DNE
bionic_libgcrypt11: DNE
devel_libgcrypt11: DNE
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=949ff36623eafc3523a9f91784992965018ffb05 (1.0.2)
upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=0c27d793745c7837b13646302b6890a556b7017a (1.1)
upstream_openssl: needs-triage
precise/esm_openssl: needed
trusty_openssl: needed
xenial_openssl: needed
artful_openssl: needed
bionic_openssl: needed
upstream_openssl098: needs-triage
precise/esm_openssl098: DNE
trusty_openssl098: needs-triage
xenial_openssl098: DNE
artful_openssl098: DNE
bionic_openssl098: DNE
upstream_openssl1.0: needs-triage
precise/esm_openssl1.0: DNE
trusty_openssl1.0: DNE
xenial_openssl1.0: DNE
artful_openssl1.0: DNE
bionic_openssl1.0: needed
devel_openssl1.0: needed
upstream: https://hg.mozilla.org/projects/nss/rev/ca18ca4ba00d
upstream_nss: needs-triage
precise/esm_nss: needs-triage
trusty_nss: needs-triage
xenial_nss: needs-triage
artful_nss: needs-triage
bionic_nss: needs-triage
devel_nss: needs-triage