CVE-2020-1968

Published: 09 September 2020

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The attack can only be exploited if an implementation re-uses a DH secret across multiple TLS connections. Note that this issue only impacts DH ciphersuites and not ECDH ciphersuites. This issue affects OpenSSL 1.0.2 which is out of support and no longer receiving public updates. OpenSSL 1.1.1 is not vulnerable to this issue. Fixed in OpenSSL 1.0.2w (Affected 1.0.2-1.0.2v).

Priority

Low

CVSS 3 base score: 3.7

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses openssl 1.1.1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(uses openssl 1.1.1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses openssl 1.1.1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses openssl 1.1.0)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

nodejs
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(uses system openssl1.1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(uses system openssl1.1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(uses system openssl1.1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(uses system openssl1.0)
Ubuntu 16.04 LTS (Xenial Xerus) Not vulnerable
(uses system openssl)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(uses system openssl)
openssl
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(1.1.1f-1ubuntu3)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(1.1.1f-1ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(1.1.1f-1ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.1.1-1ubuntu2.1~18.04.6)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1.0.2g-1ubuntu4.17)
Ubuntu 14.04 ESM (Trusty Tahr) Needs triage

openssl1.0
Launchpad, Ubuntu, Debian 		Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (1.0.2n-1ubuntu5.4)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading