CVE-2018-16868
Publication date 3 December 2018
Last updated 24 July 2024
Ubuntu priority
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| gnutls26 | ||
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Ignored change too intrusive | |
| gnutls28 | ||
| 22.04 LTS jammy |
Fixed 3.6.5-2ubuntu1
|
|
| 20.04 LTS focal |
Fixed 3.6.5-2ubuntu1
|
|
| 18.04 LTS bionic | Ignored change too intrusive | |
| 16.04 LTS xenial | Ignored change too intrusive | |
| 14.04 LTS trusty | Not in release |
Notes
mdeslaur
Fixing this requires fixing CVE-2018-16869 in nettle first, but nettle changes are too intrusive to backport to stable releases. In addition, the upstream gnutls28 fix appears to break OpenPGP support when backported to the version in bionic.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.6 · Medium
|
| Attack vector | Physical |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N |