Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:BDB6F8275A06CC11A9EB2C43CBB82E42
HistoryJul 10, 2018 - 12:00 a.m.

USN-3692-1: OpenSSL vulnerabilities | Cloud Foundry

2018-07-1000:00:00
Cloud Foundry
www.cloudfoundry.org
293

0.042 Low

EPSS

Percentile

92.3%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)

Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732)

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • 3586.x versions prior to 3586.25
    • 3541.x versions prior to 3541.35
    • 3468.x versions prior to 3468.53
    • 3445.x versions prior to 3445.53
    • 3421.x versions prior to 3421.68
    • 3363.x versions prior to 3363.67
    • All other stemcells not listed.
  • All versions of Cloud Foundry cflinuxfs2 prior to 1.221.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    • Upgrade 3586.x versions to 3586.25
    • Upgrade 3541.x versions to 3541.35
    • Upgrade 3468.x versions to 3468.53
    • Upgrade 3445.x versions to 3445.53
    • Upgrade 3421.x versions to 3421.68
    • Upgrade 3363.x versions to 3363.67
    • All other stemcells should be upgraded to the latest version available on bosh.io.
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.221.0 or later.

References

Related

ubuntu 4
openvas 45
nessus 58
oraclelinux 7
fedora 4
mageia 1
ibm 27
symantec 2
osv 5
altlinux 1
slackware 2
suse 6
redhat 3
centos 1
debian 4
paloalto 1
amazon 3
cloudlinux 1
nodejsblog 1
archlinux 1
ubuntucve 1
cvelist 3
freebsd 2
alpinelinux 1
redhatcve 1
nvd 2
prion 2
photon 1
cloudfoundry 1
veracode 2
debiancve 2
f5 1
hackerone 1
aix 1
cve 1
ubuntu
ubuntu
OpenSSL vulnerabilities
2018-06-26 00:00:00
OpenSSL vulnerabilities
2018-06-26 00:00:00
Libgcrypt vulnerability
2018-06-19 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3692-1)
2018-06-27 00:00:00
Ubuntu: Security Advisory (USN-3692-2)
2022-08-26 00:00:00
OpenSSL: 1.0.2 < 1.0.2p / 1.1.0 < 1.1.0i Multiple Vulnerabilities - Linux
2018-04-23 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1)
2018-06-27 00:00:00
Debian DLA-1449-1 : openssl security update
2018-07-30 00:00:00
Fedora 27 : 1:openssl (2018-02a38af202)
2018-10-03 00:00:00
oraclelinux
oraclelinux
openssl security update
2018-10-15 00:00:00
openssl security, bug fix, and enhancement update
2018-11-05 00:00:00
openssl security update
2018-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: openssl-1.1.0i-1.fc28
2018-09-22 20:52:36
[SECURITY] Fedora 27 Update: openssl-1.1.0i-1.fc27
2018-10-02 15:03:41
[SECURITY] Fedora 27 Update: libgcrypt-1.8.3-1.fc27
2018-06-17 19:45:43
mageia
mageia
Updated openssl packages fix security vulnerabilities
2018-09-02 22:07:30
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL (CVE-2018-0732 CVE-2018-0737)
2023-12-07 22:45:02
Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM
2018-12-17 15:00:02
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments: Data Protection for VMware (CVE-2018-0737, CVE-2018-0732)
2019-04-02 15:50:02
symantec
symantec
OpenSSL Vulnerabilities 16-Apr-2018 and 12-Jun-2018
2018-10-10 08:01:01
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
2018-06-12 00:00:00
osv
osv
openssl - security update
2018-07-28 00:00:00
openssl1.0 - security update
2018-12-19 00:00:00
openssl - security update
2018-11-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl10 version 1.0.2p-alt1
2018-08-16 00:00:00
slackware
slackware
[slackware-security] openssl
2018-08-15 00:18:35
[slackware-security] libgcrypt
2018-06-13 22:09:13
suse
suse
Security update for openssl-1_0_0 (moderate)
2018-10-05 12:11:01
Security update for compat-openssl098 (moderate)
2018-09-12 12:09:38
Security update for openssl (moderate)
2018-09-30 18:09:41
redhat
redhat
(RHSA-2018:3221) Moderate: openssl security, bug fix, and enhancement update
2018-10-30 04:31:37
(RHSA-2019:1297) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update
2019-05-30 14:46:40
(RHSA-2019:1296) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update
2019-05-30 14:46:35
centos
centos
openssl security update
2018-11-15 18:50:49
debian
debian
[SECURITY] [DLA 1449-1] openssl security update
2018-07-28 03:56:18
[SECURITY] [DSA 4355-1] openssl1.0 security update
2018-12-19 22:29:59
[SECURITY] [DSA 4231-1] libgcrypt20 security update
2018-06-17 18:53:17
paloalto
paloalto
OpenSSL Vulnerabilities in PAN-OS
2018-10-11 00:00:00
amazon
amazon
Medium: openssl
2018-11-07 22:07:00
Low: openssl
2018-04-19 17:38:00
Medium: openssl
2018-10-30 20:50:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2018-0739, CVE-2018-0737, CVE-2021-3712, CVE-2018-0732
2021-09-21 22:11:57
nodejsblog
nodejsblog
August 2018 Security Releases
2018-08-11 00:00:00
archlinux
archlinux
[ASA-201806-10] libgcrypt: private key recovery
2018-06-16 00:00:00
ubuntucve
ubuntucve
CVE-2018-0495
2018-06-13 00:00:00
cvelist
cvelist
CVE-2018-0495
2018-06-13 23:00:00
CVE-2018-0737 Cache timing vulnerability in RSA Key Generation
2018-04-16 00:00:00
CVE-2018-0732 Client DoS due to large DH parameter
2018-06-12 00:00:00
freebsd
freebsd
libgcrypt -- side-channel attack vulnerability
2018-06-13 00:00:00
OpenSSL -- Cache timing vulnerability
2018-04-16 00:00:00
alpinelinux
alpinelinux
CVE-2018-0495
2018-06-13 23:29:00
redhatcve
redhatcve
CVE-2018-0495
2018-06-14 08:19:05
nvd
nvd
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
prion
prion
Memory corruption
2018-06-13 23:29:00
Design/Logic Flaw
2018-04-16 18:29:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0078
2018-07-30 00:00:00
cloudfoundry
cloudfoundry
USN-3689-1: Libgcrypt vulnerability | Cloud Foundry
2018-07-10 00:00:00
veracode
veracode
Side-channel Attack
2019-06-03 00:25:00
Denial Of Service (DoS)
2018-06-13 03:48:25
debiancve
debiancve
CVE-2018-0495
2018-06-13 23:29:00
CVE-2018-0732
2018-06-12 13:29:00
f5
f5
K21665601 : OpenSSL vulnerability CVE-2018-0732
2018-07-20 00:00:00
hackerone
hackerone
Internet Bug Bounty: Client DoS due to large DH parameter (CVE-2018-0732)
2018-06-12 11:15:31
aix
aix
Vulnerability in OpenSSL affects AIX (CVE-2018-0732)
2018-09-19 08:44:29
cve
cve
CVE-2018-0732
2018-06-12 13:29:00

0.042 Low

EPSS

Percentile

92.3%

JSON
Related for CFOUNDRY:BDB6F8275A06CC11A9EB2C43CBB82E42
ubuntu4openvas45nessus58oraclelinux7fedora4mageia1ibm27symantec2osv5altlinux1slackware2suse6redhat3centos1debian4paloalto1amazon3cloudlinux1nodejsblog1archlinux1ubuntucve1cvelist3freebsd2alpinelinux1redhatcve1nvd2prion2photon1cloudfoundry1veracode2debiancve2f51hackerone1aix1cve1