OpenSSL CVE-2018-5407 patches

Asked by Oleksii Ovcharenko on 2018-11-05

Hello,

How would we fix CVE-2018-5407 in Ubuntu 16.04 specifically for OpenSSL? According to https://bugzilla.redhat.com/show_bug.cgi?id=1645695, timing attack mitigation patches have been available in the stable OpenSSL branch since April (https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e#diff-40a9b7f560ef4410b988fafff6e79928). Our main concern is that in a cloud environment you don't have control over physical host settings.

Yours,
Aleksey

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee
Last query: 2018-11-05
Last reply: 2018-11-06

Manfred Hampl (m-hampl) said : #1

The issue is already known
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5407.html

The last update of that page was yesterday, so I assume that work is currently being done on that problem.
