CVE-2012-2146

Publication date 26 August 2012

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.

From the Ubuntu Security Team

It was discovered that Elixir fails to construct a unique initialization vector (IV) with Blowfish. An attacker could possibly use this to make decryption easier.

Status

Package Ubuntu Release Status
elixir 18.10 cosmic
Not affected
18.04 LTS bionic
Not affected
17.10 artful Ignored end of life
17.04 zesty Ignored end of life
16.10 yakkety Ignored end of life
16.04 LTS xenial
Fixed 0.7.1-4build0.16.04.1
15.10 wily Ignored end of life
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty
Fixed 0.7.1-4build0.14.04.1
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life