CVE-2018-16868

Note

Fixing this requires fixing CVE-2018-16869 in nettle first, but
nettle changes are too intrusive to backport to stable releases.
In addition, the upstream gnutls28 fix appears to break OpenPGP
support when backported to the version in bionic.

Package	Release	Status
gnutls26 Launchpad, Ubuntu, Debian	groovy	Does not exist
	jammy	Does not exist
	kinetic	Does not exist
	bionic	Does not exist
	cosmic	Does not exist
	disco	Does not exist
	eoan	Does not exist
	focal	Does not exist
	hirsute	Does not exist
	impish	Does not exist
	trusty	Ignored (change too intrusive)
	upstream	Needs triage
	xenial	Does not exist
	lunar	Does not exist
gnutls28 Launchpad, Ubuntu, Debian	groovy	Released (3.6.5-2ubuntu1)
	jammy	Released (3.6.5-2ubuntu1)
	kinetic	Released (3.6.5-2ubuntu1)
	bionic	Ignored (change too intrusive)
	cosmic	Ignored (end of life)
	disco	Released (3.6.5-2ubuntu1)
	eoan	Released (3.6.5-2ubuntu1)
	focal	Released (3.6.5-2ubuntu1)
	hirsute	Released (3.6.5-2ubuntu1)
	impish	Released (3.6.5-2ubuntu1)
	lunar	Released (3.6.5-2ubuntu1)
	trusty	Does not exist (trusty was needed)
	upstream	Released (3.6.5-2)
	xenial	Ignored (change too intrusive)
	Patches: upstream: https://gitlab.com/gnutls/gnutls/commit/4804febddc2ed958e5ae774de2a8f85edeeff538 (3.6) upstream: https://gitlab.com/gnutls/gnutls/commit/ed3bdddab73c792364deec423b2c2c498a939a64 (3.6)

Parameter	Value
Base score	5.6
Attack vector	Physical
Attack complexity	High
Privileges required	Low
User interaction	None
Scope	Changed
Confidentiality	High
Integrity impact	Low
Availability impact	None
Vector	CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

Security

CVE-2018-16868

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading