CVE-2018-16868

Published: 03 December 2018

A Bleichenbacher-type side-channel padding oracle was found in the way gnutls verifies RSA-decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process could use this to recover plaintext or, in some cases, to downgrade TLS connections to a vulnerable server.
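The following is an added example, not gnutls code and not the upstream fix, showing the class of defect in C: a PKCS#1 v1.5 unpadding routine whose control flow stops at the first bad byte, next to a constant-time version that examines the whole block, keeps the verdict in a mask and substitutes a caller-supplied fallback secret on failure, so that a co-resident attacker measuring the process sees the same work for valid and invalid blocks. The 128-byte block, the 48-byte secret length (a TLS premaster) and the `touched` instrumentation are this example's own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example code, not gnutls: two ways to strip RSA PKCS#1 v1.5 (type 2)
 * padding from a decrypted block.  The `touched` counters are
 * instrumentation for this example only; they stand in for the
 * cache/branch trace a co-resident attacker would measure. */

/* 0xFF if x == 0, else 0x00, computed without a data-dependent branch. */
static uint8_t ct_mask_zero(uint8_t x)
{
    uint32_t v = x;
    return (uint8_t)(0u - ((v - 1u) >> 31));
}

/* Leaky form: stops at the first inconsistent byte.  Returns 0 and the
 * message on success, -1 otherwise.  `touched` (bytes examined) depends
 * on the secret block contents, which is the side channel. */
int pkcs1_unpad_leaky(const uint8_t *em, size_t k,
                      uint8_t *out, size_t *out_len, size_t *touched)
{
    size_t i;

    *touched = 0;
    if (k < 11) return -1;
    *touched = 1;
    if (em[0] != 0x00) return -1;
    *touched = 2;
    if (em[1] != 0x02) return -1;
    for (i = 2; i < k; i++) {
        (*touched)++;
        if (em[i] == 0x00) break;          /* separator ends the padding */
    }
    if (i == k || i < 10) return -1;       /* no separator, or < 8 pad bytes */
    *out_len = k - i - 1;
    memcpy(out, em + i + 1, *out_len);
    return 0;
}

/* Constant-time form for a secret of known length (48 bytes for a TLS
 * premaster).  Every byte is examined, the verdict lives in a mask, and
 * `out` always receives secret_len bytes: the real secret if the padding
 * was valid, `fallback` otherwise (the RFC 5246 7.4.7.1 countermeasure).
 * Returns 1 on valid padding, 0 on invalid, -1 only for a public length
 * error.  `touched` is always k. */
int pkcs1_unpad_ct(const uint8_t *em, size_t k, size_t secret_len,
                   const uint8_t *fallback, uint8_t *out, size_t *touched)
{
    uint8_t good = 0xFF;
    size_t i, sep;

    *touched = 0;
    if (k < 11 + secret_len) return -1;   /* lengths are public; branching is fine */
    sep = k - secret_len - 1;             /* the 0x00 separator must sit here */

    good &= ct_mask_zero(em[0]);
    good &= ct_mask_zero((uint8_t)(em[1] ^ 0x02));
    for (i = 2; i < sep; i++)             /* padding string: all non-zero */
        good &= (uint8_t)~ct_mask_zero(em[i]);
    good &= ct_mask_zero(em[sep]);
    for (i = 0; i < secret_len; i++)      /* branch-free select */
        out[i] = (uint8_t)((good & em[sep + 1 + i]) |
                           ((uint8_t)~good & fallback[i]));
    *touched = k;
    return good & 1;
}

/* Builds a well-formed block for the demo: 00 02 | non-zero pad | 00 | secret.
 * A real encoder uses random non-zero padding bytes. */
void pkcs1_build_block(uint8_t *em, size_t k,
                       const uint8_t *secret, size_t secret_len)
{
    size_t i, sep = k - secret_len - 1;

    em[0] = 0x00;
    em[1] = 0x02;
    for (i = 2; i < sep; i++)
        em[i] = (uint8_t)(1 + (i % 255));
    em[sep] = 0x00;
    memcpy(em + sep + 1, secret, secret_len);
}

int main(void)
{
    uint8_t secret[48], fallback[48], em[128], out[128];
    size_t out_len = 0, t_leaky = 0, t_ct = 0;

    memset(secret, 0xAB, sizeof secret);     /* constructed sample values */
    memset(fallback, 0xCD, sizeof fallback);
    pkcs1_build_block(em, sizeof em, secret, sizeof secret);

    pkcs1_unpad_leaky(em, sizeof em, out, &out_len, &t_leaky);
    pkcs1_unpad_ct(em, sizeof em, sizeof secret, fallback, out, &t_ct);
    printf("valid block:   leaky touched %zu bytes, ct touched %zu\n", t_leaky, t_ct);

    em[1] = 0x01;                            /* wrong block type */
    pkcs1_unpad_leaky(em, sizeof em, out, &out_len, &t_leaky);
    pkcs1_unpad_ct(em, sizeof em, sizeof secret, fallback, out, &t_ct);
    printf("bad type byte: leaky touched %zu bytes, ct touched %zu\n", t_leaky, t_ct);
    return 0;
}
```

The counter is only a stand-in: the real signal is the cache and branch-predictor state that differs between the early-exit paths. Note also that fixing the padding check alone is not sufficient; the RSA exponentiation and the bignum-to-byte conversion feeding it must be constant-time too, which is why the status notes below tie this fix to the nettle change for CVE-2018-16869.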

Priority: Low

CVSS 3 base score: 5.6

Status

Package: gnutls26 (Launchpad, Ubuntu, Debian)
  Upstream                          Needs triage
  Ubuntu 21.04 (Hirsute Hippo)      Does not exist
  Ubuntu 20.04 LTS (Focal Fossa)    Does not exist
  Ubuntu 18.04 LTS (Bionic Beaver)  Does not exist
  Ubuntu 16.04 ESM (Xenial Xerus)   Does not exist
  Ubuntu 14.04 ESM (Trusty Tahr)    Needs triage

Package: gnutls28 (Launchpad, Ubuntu, Debian)
  Upstream                          Released (3.6.5-2)
  Ubuntu 21.04 (Hirsute Hippo)      Released (3.6.5-2ubuntu1)
  Ubuntu 20.04 LTS (Focal Fossa)    Released (3.6.5-2ubuntu1)
  Ubuntu 18.04 LTS (Bionic Beaver)  Needed
  Ubuntu 16.04 ESM (Xenial Xerus)   Needed
  Ubuntu 14.04 ESM (Trusty Tahr)    Does not exist (trusty was needed)
Patches:
Upstream: https://gitlab.com/gnutls/gnutls/commit/4804febddc2ed958e5ae774de2a8f85edeeff538 (3.6)
Upstream: https://gitlab.com/gnutls/gnutls/commit/ed3bdddab73c792364deec423b2c2c498a939a64 (3.6)

Notes

Author: mdeslaur
Fixing this requires fixing CVE-2018-16869 in nettle first, but nettle changes are too intrusive to backport to stable releases. In addition, the upstream gnutls28 fix appears to break OpenPGP support when backported to the version in bionic.

References

Bugs