Ubuntu

OpenSSL CVE-2018-5407 patches

Asked by Oleksii Ovcharenko on 2018-11-05

Hello,

How would we fix CVE-2018-5407 in Ubuntu 16.04 specifically for OpenSSL? According to https://bugzilla.redhat.com/show_bug.cgi?id=1645695 timing attack mitigation patches were available in stable OpenSSL branch since April (https://github.com/openssl/openssl/commit/aab7c770353b1dc4ba045938c8fb446dd1c4531e#diff-40a9b7f560ef4410b988fafff6e79928). Our main concern what in Cloud environment you don't have control over physical host settings.

Yours,
Aleksey

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu Edit question

Assignee:: No assignee Edit question

Last query:: 2018-11-05

Last reply:: 2018-11-06

Link existing bug

Revision history for this message

Manfred Hampl (m-hampl) said on 2018-11-06:

#1

The issue is already known
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5407.html

Last update of that page was yesterday, so I assume that there currently work is being done on that problem.

Can you help with this problem?

Provide an answer of your own, or ask Oleksii Ovcharenko for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Subscribers