Vulnerabilities > CVE-2018-0495 - Information Exposure Through Discrepancy vulnerability in multiple products

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
high complexity
gnupg
canonical
debian
redhat
oracle
CWE-203
nessus

Summary

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

Vulnerable Configurations

Part Description Count
Application
Gnupg
105
Application
Redhat
1
Application
Oracle
1
OS
Canonical
6
OS
Debian
2
OS
Redhat
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0182.NASL
    descriptionAn update of 'libsoup', 'libgcrypt' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id117396
    published2018-09-10
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=117396
    titlePhoton OS 1.0: Libgcrypt / Libsoup PHSA-2018-1.0-0182 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-1.0-0182. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(117396);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id("CVE-2018-0495", "CVE-2018-12910");
    
      script_name(english:"Photon OS 1.0: Libgcrypt / Libsoup PHSA-2018-1.0-0182 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of 'libsoup', 'libgcrypt' packages of Photon OS has been
    released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-182");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12910");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libgcrypt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libsoup");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "libgcrypt-1.7.6-4.ph1",
      "libgcrypt-debuginfo-1.7.6-4.ph1",
      "libgcrypt-devel-1.7.6-4.ph1",
      "libsoup-2.53.90-4.ph1",
      "libsoup-debuginfo-2.53.90-4.ph1",
      "libsoup-devel-2.53.90-4.ph1",
      "libsoup-doc-2.53.90-4.ph1",
      "libsoup-lang-2.53.90-4.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgcrypt / libsoup");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-3221.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118998
    published2018-11-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118998
    titleCentOS 7 : openssl (CESA-2018:3221)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2018:3221 and 
    # CentOS Errata and Security Advisory 2018:3221 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118998);
      script_version("1.3");
      script_cvs_date("Date: 2019/12/31");
    
      script_cve_id("CVE-2017-3735", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739");
      script_xref(name:"RHSA", value:"2018:3221");
    
      script_name(english:"CentOS 7 : openssl (CESA-2018:3221)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for openssl is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)
    and Transport Layer Security (TLS) protocols, as well as a
    full-strength general-purpose cryptography library.
    
    Security Fix(es) :
    
    * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto
    Libraries (CVE-2018-0495)
    
    * openssl: Malicious server can send large prime to client during
    DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
    
    * openssl: Handling of crafted recursive ASN.1 structures can cause a
    stack overflow and resulting denial of service (CVE-2018-0739)
    
    * openssl: Malformed X.509 IPAdressFamily could cause OOB read
    (CVE-2017-3735)
    
    * openssl: RSA key generation cache timing vulnerability in
    crypto/rsa/ rsa_gen.c allows attackers to recover private keys
    (CVE-2018-0737)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.6 Release Notes linked from the References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2018-November/005594.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2d02fe63"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-3735");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-devel-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-libs-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-perl-1.0.2k-16.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"openssl-static-1.0.2k-16.el7")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-libs / openssl-perl / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1345.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1345 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-07
    plugin id135250
    published2020-04-07
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135250
    titleRHEL 7 : nss-softokn (RHSA-2020:1345)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2020:1345. The text
    # itself is copyright (C) Red Hat, Inc.
    #
    
    
    include('compat.inc');
    
    if (description)
    {
      script_id(135250);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21");
    
      script_cve_id("CVE-2018-0495", "CVE-2019-11745");
      script_bugtraq_id(107967);
      script_xref(name:"RHSA", value:"2020:1345");
    
      script_name(english:"RHEL 7 : nss-softokn (RHSA-2020:1345)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
    referenced in the RHSA-2020:1345 advisory.
    
      - ROHNP: Key Extraction Side Channel in Multiple Crypto
        Libraries (CVE-2018-0495)
    
      - nss: Out-of-bounds write when passing an output buffer
        smaller than the block size to NSC_EncryptUpdate
        (CVE-2019-11745)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/200.html");
      script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/787.html");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1345");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2018-0495");
      script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-11745");
      script_set_attribute(attribute:"solution", value:
    "Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11745");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_cwe_id(200, 787);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_aus:7.4::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_e4s:7.4::server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_tus:7.4::server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nss-softokn-freebl-devel");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include('audit.inc');
    include('global_settings.inc');
    include('misc_func.inc');
    include('rpm.inc');
    
    if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item('Host/RedHat/release');
    if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);
    
    if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item('Host/cpu');
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
    
    pkgs = [
        {'reference':'nss-softokn-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'},
        {'reference':'nss-softokn-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'},
        {'reference':'nss-softokn-freebl-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-freebl-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'},
        {'reference':'nss-softokn-freebl-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7'},
        {'reference':'nss-softokn-freebl-devel-3.28.3-9.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7'}
    ];
    
    flag = 0;
    foreach package_array ( pkgs ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_spec_vers_cmp) {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;
        }
        else
        {
          if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;
        }
      }
    }
    
    if (flag)
    {
      security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nss-softokn / nss-softokn-devel / nss-softokn-freebl / etc');
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-3221.NASL
    descriptionFrom Red Hat Security Advisory 2018:3221 : An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118777
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118777
    titleOracle Linux 7 : openssl (ELSA-2018-3221)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2018:3221 and 
    # Oracle Linux Security Advisory ELSA-2018-3221 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118777);
      script_version("1.2");
      script_cvs_date("Date: 2019/09/27 13:00:39");
    
      script_cve_id("CVE-2017-3735", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739");
      script_xref(name:"RHSA", value:"2018:3221");
    
      script_name(english:"Oracle Linux 7 : openssl (ELSA-2018-3221)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2018:3221 :
    
    An update for openssl is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)
    and Transport Layer Security (TLS) protocols, as well as a
    full-strength general-purpose cryptography library.
    
    Security Fix(es) :
    
    * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto
    Libraries (CVE-2018-0495)
    
    * openssl: Malicious server can send large prime to client during
    DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
    
    * openssl: Handling of crafted recursive ASN.1 structures can cause a
    stack overflow and resulting denial of service (CVE-2018-0739)
    
    * openssl: Malformed X.509 IPAdressFamily could cause OOB read
    (CVE-2017-3735)
    
    * openssl: RSA key generation cache timing vulnerability in
    crypto/rsa/ rsa_gen.c allows attackers to recover private keys
    (CVE-2018-0737)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, and other related information, refer to the CVE page(s)
    listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 7.6 Release Notes linked from the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2018-November/008197.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openssl packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-1.0.2k-16.0.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-devel-1.0.2k-16.0.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-libs-1.0.2k-16.0.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-perl-1.0.2k-16.0.1.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"openssl-static-1.0.2k-16.0.1.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openssl / openssl-devel / openssl-libs / openssl-perl / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2175.NASL
    descriptionAccording to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130637
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130637
    titleEulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-2175)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4235-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-02
    plugin id120193
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120193
    titleSUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-6788454AB6.NASL
    descriptionMinor security update to version 1.8.3 from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-06-18
    plugin id110575
    published2018-06-18
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110575
    titleFedora 27 : libgcrypt (2018-6788454ab6)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1618.NASL
    descriptionThis update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-12-31
    plugin id119948
    published2018-12-31
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119948
    titleopenSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2018-1618)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0193_NSS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129915
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129915
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0193)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. (CVE-2017-3735) - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key. (CVE-2018-0737) - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). (CVE-2018-0739) - A microprocessor side-channel vulnerability was found on SMT (e.g, Hyper-Threading) architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information. (CVE-2018-5407) - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o). (CVE-2018-0732) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id127262
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127262
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0065)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-98AB6B4E56.NASL
    descriptionUpdate Botan2 to 2.7.0. Focus of this release is on performance and side channel hardening. - Address side channels in RSA key generation and ECDSA signing - Side channel hardening in many core algorithms (modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, etc) to reduce the risk of future exploitable side channels. - Many optimizations for ECC operations, RSA (including key gen), DSA, DH, and XMSS. Typical speedups vs 2.6.0 is 10 to 40% depending on operation and key size. - Add Scrypt password hashing. Also supported is using Scrypt to derive keys for private key encryption (format compatible with upcoming OpenSSL 1.1.1) - Add base32 encoding/decoding - Plus many bug fixes and smaller enhancements documented in the [release notes](https://botan.randombit.net/news.html#version-2-7 -0-2018-07-02) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-07-12
    plugin id111016
    published2018-07-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111016
    titleFedora 27 : botan2 (2018-98ab6b4e56)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2237.NASL
    descriptionAn update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). (BZ#1645231, BZ#1692269, BZ#1692271, BZ#1692274) Security Fix(es) : * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128378
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128378
    titleCentOS 7 : nspr / nss / nss-softokn / nss-util (CESA-2019:2237)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20181030_OPENSSL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)
    last seen2020-03-18
    modified2018-11-27
    plugin id119194
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119194
    titleScientific Linux Security Update : openssl on SL7.x x86_64 (20181030)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1185.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.i1/4^CVE-2018-0495i1/4%0 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).i1/4^CVE-2018-0732i1/4%0 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).i1/4^CVE-2018-0739i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123871
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123871
    titleEulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1185)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1405.NASL
    descriptionIt was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id110814
    published2018-07-02
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110814
    titleDebian DLA-1405-1 : libgcrypt20 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1009.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-01-08
    plugin id120997
    published2019-01-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120997
    titleEulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2246.NASL
    descriptionAccording to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130708
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130708
    titleEulerOS 2.0 SP3 : nss-softokn (EulerOS-SA-2019-2246)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-EAA7DE17AE.NASL
    descriptionUpdate Botan2 to 2.7.0. Focus of this release is on performance and side channel hardening. - Address side channels in RSA key generation and ECDSA signing - Side channel hardening in many core algorithms (modular exponentiation, ECC scalar multiply, Karatsuba multiplication, Barrett reduction, etc) to reduce the risk of future exploitable side channels. - Many optimizations for ECC operations, RSA (including key gen), DSA, DH, and XMSS. Typical speedups vs 2.6.0 is 10 to 40% depending on operation and key size. - Add Scrypt password hashing. Also supported is using Scrypt to derive keys for private key encryption (format compatible with upcoming OpenSSL 1.1.1) - Add base32 encoding/decoding - Plus many bug fixes and smaller enhancements documented in the [release notes](https://botan.randombit.net/news.html#version-2-7 -0-2018-07-02) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120879
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120879
    titleFedora 28 : botan2 (2018-eaa7de17ae)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-3221.NASL
    descriptionAn update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es) : * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) * openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) * openssl: RSA key generation cache timing vulnerability in crypto/rsa/ rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id118534
    published2018-10-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118534
    titleRHEL 7 : openssl (RHSA-2018:3221)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2452-2.NASL
    descriptionThis update for libgcrypt fixes the following issues : The following security vulnerability was addressed : CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed: Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119142
    published2018-11-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119142
    titleSUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2452-2)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2020-1355.NASL
    descriptionA heap-based buffer overflow was found in the NSC_EncryptUpdate() function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application (compiled with nss). While the attack complexity is high, the impact to confidentiality, integrity, and availability are high as well. (CVE-2019-11745) A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. (CVE-2019-11729 ) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495)
    last seen2020-03-23
    modified2020-03-19
    plugin id134681
    published2020-03-19
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134681
    titleAmazon Linux AMI : nss / nss-softokn,nss-util,nspr (ALAS-2020-1355)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4231.NASL
    descriptionIt was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.
    last seen2020-06-01
    modified2020-06-02
    plugin id110572
    published2018-06-18
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110572
    titleDebian DSA-4231-1 : libgcrypt20 - security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1102.NASL
    descriptionLibgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739)
    last seen2020-06-10
    modified2018-12-07
    plugin id119464
    published2018-12-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119464
    titleAmazon Linux AMI : openssl (ALAS-2018-1102)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9B5162DE6F3911E8818EE8E0B747A45A.NASL
    descriptionGnuPG reports : Mitigate a local side-channel attack on ECDSA signature as described in the white paper
    last seen2020-06-01
    modified2020-06-02
    plugin id110521
    published2018-06-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110521
    titleFreeBSD : libgcrypt -- side-channel attack vulnerability (9b5162de-6f39-11e8-818e-e8e0b747a45a)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1420.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2018-12-28
    plugin id119909
    published2018-12-28
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119909
    titleEulerOS 2.0 SP2 : openssl (EulerOS-SA-2018-1420)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1252.NASL
    descriptionAccording to the versions of the nss-softokn packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.(CVE-2018-12404) - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134541
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134541
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : nss-softokn (EulerOS-SA-2020-1252)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-540.NASL
    descriptionThis update for libgcrypt fixes the following issue : The following security issue was fixed : - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures (bsc#1097410) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123229
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123229
    titleopenSUSE Security Update : libgcrypt (openSUSE-2019-540)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0091.NASL
    descriptionAn update of 'libgcrypt', 'libsoup' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id117397
    published2018-09-10
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=117397
    titlePhoton OS 2.0: Libgcrypt / Libsoup PHSA-2018-2.0-0091 (deprecated)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3689-1.NASL
    descriptionKeegan Ryan discovered that Libgcrypt was susceptible to a side-channel attack. A local attacker could possibly use this attack to recover ECDSA private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110623
    published2018-06-20
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110623
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : libgcrypt11, libgcrypt20 vulnerability (USN-3689-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0182_LIBGCRYPT.NASL
    descriptionAn update of the libgcrypt package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121886
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121886
    titlePhoton OS 1.0: Libgcrypt PHSA-2018-1.0-0182
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-769.NASL
    descriptionThis update for libgcrypt fixes the following issue : The following security issue was fixed : - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures (bsc#1097410) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-07-30
    plugin id111421
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111421
    titleopenSUSE Security Update : libgcrypt (openSUSE-2018-769)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0236_NSS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by multiple vulnerabilities: - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495) - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132493
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132493
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2019-0236)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0091_LIBGCRYPT.NASL
    descriptionAn update of the libgcrypt package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121992
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121992
    titlePhoton OS 2.0: Libgcrypt PHSA-2018-2.0-0091
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1267.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1267 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135092
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135092
    titleRHEL 7 : nss-softokn (RHSA-2020:1267)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1297.NASL
    descriptionAn update is now available for JBoss Core Services on RHEL 6 and RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. Security Fix(es) : * openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * httpd: privilege escalation from modules scripts (CVE-2019-0211) Details around this issue, including information about the CVE, severity of the issue, and CVSS scores can be found on the CVE pages listed in the References section below.
    last seen2020-06-01
    modified2020-06-02
    plugin id125616
    published2019-05-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125616
    titleRHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2237.NASL
    descriptionAn update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). (BZ#1645231, BZ#1692269, BZ#1692271, BZ#1692274) Security Fix(es) : * ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) * nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127699
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127699
    titleRHEL 7 : nss, nss-softokn, nss-util, and nspr (RHSA-2019:2237)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1546.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key.(CVE-2013-0166) - OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an
    last seen2020-06-01
    modified2020-06-02
    plugin id124999
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124999
    titleEulerOS Virtualization 3.0.1.0 : openssl (EulerOS-SA-2019-1546)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1993-1.NASL
    descriptionThis update for libgcrypt fixes the following issue: The following security issue was fixed : - CVE-2018-0495: Fixed a novel side-channel attack, by enabling blinding for ECDSA signatures (bsc#1097410) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-21
    modified2019-01-02
    plugin id120054
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120054
    titleSUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2018:1993-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1392.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739) - openssl: Malformed X.509 IPAdressFamily could cause OOB read (CVE-2017-3735) - openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-15
    modified2018-12-10
    plugin id119520
    published2018-12-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119520
    titleEulerOS 2.0 SP3 : openssl (EulerOS-SA-2018-1392)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1400.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable
    last seen2020-06-01
    modified2020-06-02
    plugin id124903
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124903
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : openssl (EulerOS-SA-2019-1400)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1305.NASL
    descriptionA cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. (CVE-2018-12404) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. (CVE-2018-0495)
    last seen2020-06-01
    modified2020-06-02
    plugin id129563
    published2019-10-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129563
    titleAmazon Linux 2 : nss (ALAS-2019-1305)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-4236-1.NASL
    descriptionThis update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 (bsc#1119105) CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a use-after-free with select element CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images CVE-2018-12405: Fixed a few memory safety bugs Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105) CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) Fixed a decryption failure during FFDHE key exchange Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-26
    modified2018-12-24
    plugin id119871
    published2018-12-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119871
    titleSUSE SLED12 / SLES12 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4236-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3850-1.NASL
    descriptionKeegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384) It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-10
    plugin id121062
    published2019-01-10
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121062
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : nss vulnerabilities (USN-3850-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1201.NASL
    descriptionAccording to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.i1/4^CVE-2018-0495i1/4%0 - During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).i1/4^CVE-2018-0732i1/4%0 - Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).i1/4^CVE-2018-0739i1/4%0 - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.i1/4^CVE-2017-3735i1/4%0 - OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.i1/4^CVE-2018-0737i1/4%0 Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-04-09
    plugin id123887
    published2019-04-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123887
    titleEulerOS Virtualization 2.5.4 : openssl (EulerOS-SA-2019-1201)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-1EA5BEB4CF.NASL
    descriptionMinor security update to version 1.8.3 from upstream. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120278
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120278
    titleFedora 28 : libgcrypt (2018-1ea5beb4cf)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-795.NASL
    descriptionThis update for libgcrypt fixes the following issues : The following security vulnerability was addressed : - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed : - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-08-06
    plugin id111545
    published2018-08-06
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111545
    titleopenSUSE Security Update : libgcrypt (openSUSE-2018-795)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-164-01.NASL
    descriptionNew libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id110528
    published2018-06-14
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110528
    titleSlackware 14.2 / current : libgcrypt (SSA:2018-164-01)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3692-1.NASL
    descriptionKeegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495) Guido Vranken discovered that OpenSSL incorrectly handled very large prime values during a key agreement. A remote attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2018-0732) Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys. (CVE-2018-0737). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110721
    published2018-06-27
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110721
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : openssl, openssl1.0 vulnerabilities (USN-3692-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_NSS__NSS_SOFTOKN__NSS_UTIL__AND_NSPR_ON_SL7_X.NASL
    descriptionNetscape Portable Runtime (NSPR) provides platform independence for non- GUI operating system facilities. The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). Security Fix(es) : - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404)
    last seen2020-03-18
    modified2019-08-27
    plugin id128243
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128243
    titleScientific Linux Security Update : nss, nss-softokn, nss-util, and nspr on SL7.x x86_64 (20190806)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2089-1.NASL
    descriptionThis update for libgcrypt fixes the following issues: The following security vulnerability was addressed : - CVE-2018-0495: Mitigate a novel side-channel attack by enabling blinding for ECDSA signatures (bsc#1097410). The following other issues were fixed : - Extended the fipsdrv dsa-sign and dsa-verify commands with the --algo parameter for the FIPS testing of DSA SigVer and SigGen (bsc#1064455). - Ensure libgcrypt20-hmac and libgcrypt20 are installed in the correct order. (bsc#1090766) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111439
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111439
    titleSUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2018:2089-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1102.NASL
    descriptionDuring key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack.(CVE-2018-0732) Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.(CVE-2018-0495) Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.(CVE-2018-0739) While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006.(CVE-2017-3735)
    last seen2020-06-01
    modified2020-06-02
    plugin id118833
    published2018-11-09
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118833
    titleAmazon Linux 2 : openssl (ALAS-2018-1102)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-A8FFCFF7EE.NASL
    descriptionMinor update to version 1.1.1a with bug fixes and low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2019-01-18
    plugin id121239
    published2019-01-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121239
    titleFedora 29 : 1:openssl (2019-a8ffcff7ee)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1461.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1461 advisory. - ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-14
    plugin id135460
    published2020-04-14
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135460
    titleRHEL 7 : nss-softokn (RHSA-2020:1461)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1039.NASL
    descriptionThis update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 (bsc#1119105) - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069) - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873) - CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410) - Fixed a decryption failure during FFDHE key exchange - Various security fixes in the ASN.1 code Issues fixed in mozilla-nspr : - Update mozilla-nspr to 4.20 (bsc#1119105) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id123164
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123164
    titleopenSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)

Redhat

advisories
  • rhsa
    idRHSA-2018:3221
  • rhsa
    idRHSA-2018:3505
  • rhsa
    idRHSA-2019:1296
  • rhsa
    idRHSA-2019:1297
  • rhsa
    idRHSA-2019:1543
  • rhsa
    idRHSA-2019:2237
rpms
  • openssl-1:1.0.2k-16.el7
  • openssl-debuginfo-1:1.0.2k-16.el7
  • openssl-devel-1:1.0.2k-16.el7
  • openssl-libs-1:1.0.2k-16.el7
  • openssl-perl-1:1.0.2k-16.el7
  • openssl-static-1:1.0.2k-16.el7
  • jbcs-httpd24-httpd-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.29-40.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.29-40.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.29-40.jbcs.el7
  • jbcs-httpd24-openssl-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-debuginfo-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-devel-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-devel-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-libs-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-libs-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-perl-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-perl-1:1.0.2n-15.jbcs.el7
  • jbcs-httpd24-openssl-static-1:1.0.2n-15.jbcs.el6
  • jbcs-httpd24-openssl-static-1:1.0.2n-15.jbcs.el7
  • nspr-0:4.21.0-1.el7
  • nspr-debuginfo-0:4.21.0-1.el7
  • nspr-devel-0:4.21.0-1.el7
  • nss-0:3.44.0-4.el7
  • nss-debuginfo-0:3.44.0-4.el7
  • nss-devel-0:3.44.0-4.el7
  • nss-pkcs11-devel-0:3.44.0-4.el7
  • nss-softokn-0:3.44.0-5.el7
  • nss-softokn-debuginfo-0:3.44.0-5.el7
  • nss-softokn-devel-0:3.44.0-5.el7
  • nss-softokn-freebl-0:3.44.0-5.el7
  • nss-softokn-freebl-devel-0:3.44.0-5.el7
  • nss-sysinit-0:3.44.0-4.el7
  • nss-tools-0:3.44.0-4.el7
  • nss-util-0:3.44.0-3.el7
  • nss-util-debuginfo-0:3.44.0-3.el7
  • nss-util-devel-0:3.44.0-3.el7
  • nss-softokn-0:3.36.0-6.el7_5
  • nss-softokn-debuginfo-0:3.36.0-6.el7_5
  • nss-softokn-devel-0:3.36.0-6.el7_5
  • nss-softokn-freebl-0:3.36.0-6.el7_5
  • nss-softokn-freebl-devel-0:3.36.0-6.el7_5
  • nss-softokn-0:3.28.3-9.el7_4
  • nss-softokn-debuginfo-0:3.28.3-9.el7_4
  • nss-softokn-devel-0:3.28.3-9.el7_4
  • nss-softokn-freebl-0:3.28.3-9.el7_4
  • nss-softokn-freebl-devel-0:3.28.3-9.el7_4
  • nss-softokn-0:3.36.0-6.el7_6
  • nss-softokn-debuginfo-0:3.36.0-6.el7_6
  • nss-softokn-devel-0:3.36.0-6.el7_6
  • nss-softokn-freebl-0:3.36.0-6.el7_6
  • nss-softokn-freebl-devel-0:3.36.0-6.el7_6

References