ID

VAR-201810-0932


CVE

CVE-2018-0734


TITLE

OpenSSL Encryption problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

DESCRIPTION

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz: Upgraded. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734 (* Security fix *) patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz: Upgraded. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-1.0.1u-i486-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.0.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-1.0.1u-x86_64-1_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-1.0.1u-i486-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssl-solibs-1.0.1u-i486-1_slack14.1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-1.0.1u-x86_64-1_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2q-i586-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2q-i586-1_slack14.2.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2q-x86_64-1_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.1.1a-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.1.1a-i586-1.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.1.1a-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.1.1a-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.0 packages: e6d4b3a76383f9f253da4128ba23f269 openssl-1.0.1u-i486-1_slack14.0.txz c61d31a1751ae39af89d3fee0b54f0d8 openssl-solibs-1.0.1u-i486-1_slack14.0.txz Slackware x86_64 14.0 packages: 96be19e6a96c9beb5d3bbc55348fb483 openssl-1.0.1u-x86_64-1_slack14.0.txz b7a8fa2ebd16c8ae106fc1267bc29eca openssl-solibs-1.0.1u-x86_64-1_slack14.0.txz Slackware 14.1 packages: 099b960e62eaea5d1a639a61a2fabca7 openssl-1.0.1u-i486-1_slack14.1.txz b5d5219e05db97f63c4d6c389d6884fb openssl-solibs-1.0.1u-i486-1_slack14.1.txz Slackware x86_64 14.1 packages: fc96c87d76c9d1efd1290ac847fa7c7c openssl-1.0.1u-x86_64-1_slack14.1.txz e873b66f84f45ea34d028a3d524ce573 openssl-solibs-1.0.1u-x86_64-1_slack14.1.txz Slackware 14.2 packages: d5f0cc19451e9c7e3967820cf02a20c6 openssl-1.0.2q-i586-1_slack14.2.txz 594ca80447baecd608a51083b12a26d9 openssl-solibs-1.0.2q-i586-1_slack14.2.txz Slackware x86_64 14.2 packages: 943bb2f3259ccf97a1b8b25f5f511c30 openssl-1.0.2q-x86_64-1_slack14.2.txz 0d45afe2487c47b283c06902c56e4559 openssl-solibs-1.0.2q-x86_64-1_slack14.2.txz Slackware -current packages: 6f01f6dd0f40a12e473320386cfc8536 a/openssl-solibs-1.1.1a-i586-1.txz 6e5a2ab2475a0d851376d12911b3c6b7 n/openssl-1.1.1a-i586-1.txz Slackware x86_64 -current packages: eb4697703f1f4b81ad38e9247ab70dac a/openssl-solibs-1.1.1a-x86_64-1.txz 12a10fd6bd2344b3e73106c8d5b9828c n/openssl-1.1.1a-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg openssl-1.0.2q-i586-1_slack14.2.txz openssl-solibs-1.0.2q-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For the stable distribution (stretch), these problems have been fixed in version 1.0.2q-1~deb9u1. Going forward, openssl1.0 security updates for stretch will be based on the 1.0.2x upstream releases. We recommend that you upgrade your openssl1.0 packages. For the detailed security status of openssl1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssl1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlwaxeQACgkQEMKTtsN8 TjZVQQ//eOqeqdTZgGqXS7hI2TPT/m1mLLFfGQvxKvqYAvo+eNns5PbHGvhoM3OY 6TnR7dh3PFRHogYh7IeEymFM12HmNxX75Fz5Rs2/AX8dNvbACZFWmodkE7REm1// oLaQbr74Bq0T8pzfRntLZGqTRcumfvbGEWO4Sfob/RJ9F9+LfUKdiTI6wIcNXBtr 47Lffe10gGok+5qmruMgf3fy+verwu6uLPrLX+ekHKW383gB9M26S0BwQMU2AIlu PzJ7IPL515aBdOogeCTG3Ag1nMFfkaX4537zn5QpqcPcx/NGmcyrRgHzS0CbRIBG DFlAsO5rJdAUqw660MxNgkBkUNBDok6jW79HFmjyAO2aY5/QcCN+LhLng7A3FO7F Eg+kFifibUgs2y7fGlcGMZmLzRtparDtb+MrBXXrSar/nzcdrRwSk+1gjmB8iIVO W/J7s0GFHZ2V+FfOuDeBoprH7yLT8Ny8/IBSfLe/JiiTzzh+5l9D23dRTcT0PfFy hRboNQ+VLEpl1N1mfgB6pNpRaFoMCsoXe26rpkRiEfwXVRFgcsJbAJA27kgMko4S q8JzaJo4/YiACng5u6b0bwv2IaExrEnXhfje8oxxABDNQmu5E9tu1artCtHVaL3K TNyBsE9TZNSIZQgkoVoSHbeLVdAVgBLXTyzjKNxuzCvMl0VolGY= =Q1ou -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: openssl security and bug fix update Advisory ID: RHSA-2019:2304-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2304 Issue date: 2019-08-06 CVE Names: CVE-2018-0734 CVE-2019-1559 ==================================================================== 1. Summary: An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm ppc64: openssl-1.0.2k-19.el7.ppc64.rpm openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-devel-1.0.2k-19.el7.ppc.rpm openssl-devel-1.0.2k-19.el7.ppc64.rpm openssl-libs-1.0.2k-19.el7.ppc.rpm openssl-libs-1.0.2k-19.el7.ppc64.rpm ppc64le: openssl-1.0.2k-19.el7.ppc64le.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-devel-1.0.2k-19.el7.ppc64le.rpm openssl-libs-1.0.2k-19.el7.ppc64le.rpm s390x: openssl-1.0.2k-19.el7.s390x.rpm openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-devel-1.0.2k-19.el7.s390.rpm openssl-devel-1.0.2k-19.el7.s390x.rpm openssl-libs-1.0.2k-19.el7.s390.rpm openssl-libs-1.0.2k-19.el7.s390x.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: openssl-debuginfo-1.0.2k-19.el7.ppc.rpm openssl-debuginfo-1.0.2k-19.el7.ppc64.rpm openssl-perl-1.0.2k-19.el7.ppc64.rpm openssl-static-1.0.2k-19.el7.ppc.rpm openssl-static-1.0.2k-19.el7.ppc64.rpm ppc64le: openssl-debuginfo-1.0.2k-19.el7.ppc64le.rpm openssl-perl-1.0.2k-19.el7.ppc64le.rpm openssl-static-1.0.2k-19.el7.ppc64le.rpm s390x: openssl-debuginfo-1.0.2k-19.el7.s390.rpm openssl-debuginfo-1.0.2k-19.el7.s390x.rpm openssl-perl-1.0.2k-19.el7.s390x.rpm openssl-static-1.0.2k-19.el7.s390.rpm openssl-static-1.0.2k-19.el7.s390x.rpm x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: openssl-1.0.2k-19.el7.src.rpm x86_64: openssl-1.0.2k-19.el7.x86_64.rpm openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-devel-1.0.2k-19.el7.i686.rpm openssl-devel-1.0.2k-19.el7.x86_64.rpm openssl-libs-1.0.2k-19.el7.i686.rpm openssl-libs-1.0.2k-19.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: openssl-debuginfo-1.0.2k-19.el7.i686.rpm openssl-debuginfo-1.0.2k-19.el7.x86_64.rpm openssl-perl-1.0.2k-19.el7.x86_64.rpm openssl-static-1.0.2k-19.el7.i686.rpm openssl-static-1.0.2k-19.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-0734 https://access.redhat.com/security/cve/CVE-2019-1559 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXUl3otzjgjWX9erEAQgZQQ//XNcjRJGLVmjAzbVGiwxEqfFUvDVNiu97 fW0vLXuV9TnQTveOVqOAWmmMv2iShkVIRPDvzlOfUsYrrDEYHKr0N38R/fhDEZsM WQrJh54WK9IjEGNevLTCePKMhVuII1WnHrLDwZ6hxYGdcap/sJrf+N428b5LvHbM B39vWl3vqJYXoiI5dmIYL8ko2SfLms5Cg+dR0hLrNohf9gK2La+jhWb/j2xw6X6q /LXw5+hi/G+USbnNFfjt9G0fNjMMZRX2bukUvY6UWJRYTOXpIUOFqqp5w9zgM7tZ uX7TMTC9xe6te4mBCAFDdt+kYYLYSHfSkFlFq+S7V0MY8DmnIzqBJE4lJIDTVp9F JbrMIPs9G5jdnzPUKZw/gH9WLgka8Q8AYI+KA2xSxFX9VZ20Z+EDDC9/4uwj3i0A gLeIB68OwD70jn4sjuQqizr7TCviQhTUoKVd/mTBAxSEFZLcE8Sy/BEYxLPm81z0 veL16l6pmfg9uLac4V576ImfYNWlBEnJspA5E9K5CqQRPuZpCQFov7/D17Qm8v/x IcVKUaXiGquBwzHmIsD5lTCpl7CrGoU1PfNJ6Y/4xrVFOh1DLA4y6nnfysyO9eZx zBfuYS2VmfIq/tp1CjagI/DmJC4ezXeE4Phq9jm0EBASXtnLzVmc5j7kkqWjCcfm BtpJTAdr1kE=7kKR -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.29 and includes bug fixes and enhancements. After installing the updated packages, the httpd daemon will be restarted automatically. Bugs fixed (https://bugzilla.redhat.com/): 1568253 - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys 1644364 - CVE-2018-0734 openssl: timing side channel attack in the DSA signature algorithm 1645695 - CVE-2018-5407 openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) 1668493 - CVE-2018-17199 httpd: mod_session_cookie does not respect expiry time 1668497 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies 1695020 - CVE-2019-0217 httpd: mod_auth_digest: access control bypass due to race condition 1695030 - CVE-2019-0196 httpd: mod_http2: read-after-free on a string compare 1695042 - CVE-2019-0197 httpd: mod_http2: possible crash on late upgrade 1735741 - CVE-2019-9513 HTTP/2: flood using PRIORITY frames results in excessive resource consumption 1741860 - CVE-2019-9511 HTTP/2: large amount of data requests leads to denial of service 1741864 - CVE-2019-9516 HTTP/2: 0-length headers lead to denial of service 1741868 - CVE-2019-9517 HTTP/2: request for large response leads to denial of service 6. 8) - aarch64, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: openssl (1.1.1c)

Trust: 1.71

sources: NVD: CVE-2018-0734 // VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // PACKETSTORM: 150437 // PACKETSTORM: 155414 // PACKETSTORM: 155417 // PACKETSTORM: 150860 // PACKETSTORM: 153932 // PACKETSTORM: 155416 // PACKETSTORM: 155160

AFFECTED PRODUCTS

vendor:oraclemodel:mysql enterprise backupscope:lteversion:4.1.2

Trust: 1.0

vendor:oraclemodel:e-business suite technology stackscope:eqversion:1.0.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:lteversion:3.12.3

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.55

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.10

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.3.0.0.0

Trust: 1.0

vendor:netappmodel:santricity smi-s providerscope:eqversion: -

Trust: 1.0

vendor:oraclemodel:e-business suite technology stackscope:eqversion:1.0.1

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:lteversion:17.12

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:1.0.2p

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:gteversion:3.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:oraclemodel:mysql enterprise backupscope:gteversion:4.0

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:eqversion:16.2

Trust: 1.0

vendor:oraclemodel:api gatewayscope:eqversion:11.1.2.4.0

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.0.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:10.0.0

Trust: 1.0

vendor:netappmodel:steelstorescope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:6.9.0

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.0

vendor:oraclemodel:e-business suite technology stackscope:eqversion:0.9.8

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.0

vendor:netappmodel:snapcenterscope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:eqversion:10.13.0

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:1.1.1

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:eqversion:8.4

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:gteversion:17.7

Trust: 1.0

vendor:oraclemodel:tuxedoscope:eqversion:12.1.1.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:8.8.1

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:eqversion:16.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:6.8.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.0.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:8.14.0

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:13.2.0.0.0

Trust: 1.0

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:1.1.0i

Trust: 1.0

vendor:netappmodel:storage automation storescope:eqversion: -

Trust: 1.0

vendor:oraclemodel:enterprise manager base platformscope:eqversion:12.1.0.5.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:11.3.0

Trust: 1.0

vendor:netappmodel:oncommand unified managerscope:eqversion:*

Trust: 1.0

vendor:opensslmodel:opensslscope:gteversion:1.1.0

Trust: 1.0

vendor:nodejsmodel:node.jsscope:ltversion:6.15.0

Trust: 1.0

vendor:netappmodel:cn1610scope:eqversion: -

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:6.0.0

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:eqversion:15.2

Trust: 1.0

vendor:nodejsmodel:node.jsscope:lteversion:10.12.0

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:11.0.0

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:eqversion:15.1

Trust: 1.0

vendor:nodejsmodel:node.jsscope:gteversion:8.9.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:oraclemodel:primavera p6 professional project managementscope:eqversion:18.8

Trust: 1.0

sources: NVD: CVE-2018-0734

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0734
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201810-1435
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118936
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0734
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0734
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-118936
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0734
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // CNNVD: CNNVD-201810-1435 // NVD: CVE-2018-0734

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.1

problemtype:CWE-320

Trust: 0.1

sources: VULHUB: VHN-118936 // NVD: CVE-2018-0734

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

PATCH

title:OpenSSL Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86419

Trust: 0.6

title:Red Hat: Moderate: openssl security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192304 - Security Advisory

Trust: 0.1

title:Red Hat: Low: openssl security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193700 - Security Advisory

Trust: 0.1

title:Amazon Linux AMI: ALAS-2019-1153url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2019-1153

Trust: 0.1

title:Ubuntu Security Notice: openssl, openssl1.0 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3840-1

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1153url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1153

Trust: 0.1

title:Red Hat: CVE-2018-0734url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2018-0734

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2018-0734

Trust: 0.1

title:Debian Security Advisories: DSA-4355-1 openssl1.0 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=7cc6b04edacd67d6e5bf27bd36f54217

Trust: 0.1

title:Amazon Linux 2: ALAS2-2019-1362url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2019-1362

Trust: 0.1

title:Arch Linux Advisories: [ASA-201812-7] lib32-openssl-1.0: private key recoveryurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-7

Trust: 0.1

title:Arch Linux Advisories: [ASA-201812-6] lib32-openssl: private key recoveryurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-6

Trust: 0.1

title:Arch Linux Advisories: [ASA-201812-5] openssl: private key recoveryurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-5

Trust: 0.1

title:Arch Linux Advisories: [ASA-201812-8] openssl-1.0: private key recoveryurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201812-8

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Releaseurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193935 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193932 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7url:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193933 - Security Advisory

Trust: 0.1

title:Debian Security Advisories: DSA-4348-1 openssl -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=322bd50b7b929759e38c99b73122a852

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=089729287496a632fa4c42658b60b635

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM MQ Appliance is affected by an OpenSSL vulnerability (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3b0880c0fe7c1c2995382c68ba0fd928

Trust: 0.1

title:IBM: IBM Security Bulletin: OpenSSL DSA signature algorithm security vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf4a61aab0614bc21bae17e61513abdc

Trust: 0.1

title:IBM: IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=9f92a5713223095107b36bb14efd3013

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c36f1dd66164e22918d817553be91620

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Worklight and IBM MobileFirst Platform Foundationurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=1b873a45dce8bb56ff011908a9402b67

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM QRadar Network Security is affected by openssl vulnerabilities (CVE-2019-1559, CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7ceb7cf440b088f91358d1c597d5a414

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Cloud Manager with OpenStack is affected by a OpenSSL vulnerabilities (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bcd3c8de23a34fb577cecdb0096912bf

Trust: 0.1

title:IBM: IBM Security Bulletin: OpenSSL vunerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=f89f8f6307af3f9e5b1f4d0ffb1a9677

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Proventia Network Active Bypass is affected by openssl vulnerabilities (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4f65fc12e5864fd96d0965bd485769d5

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM RackSwitch firmware products are affected by vulnerability in OpenSSL (CVE-2018-0734)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=96f2e72442af5a4308e4a45305db78b4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e4ca493bfda92c5355c98328872a84e5

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=efdce9b94f89918f3f2b2dfc69780ccd

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearCase (CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ddeebd7237369bd2318e4087834121a5

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus 8.1.1 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-16

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=4f5f12bea67642140a5af636a3850c79

Trust: 0.1

title:IBM: IBM Security Bulletin: Security vulnerabilities identified in OpenSSL affect Rational Build Forge (CVE-2018-0734, CVE-2018-5407 and CVE-2019-1559)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=e59d7f075c856823d6f7370dea35e662

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerabilities in GNU OpenSSL (1.0.2 series) affect IBM Netezza Analyticsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=ac5ccbde4e4ddbcabd10cacf82487a11

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=fda6d001f041b9b0a29d906059d798b4

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by vulnerabilities in OpenSSLurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c7313d7a6ba5364a603c214269588feb

Trust: 0.1

title:IBM: Security Bulletin: Vulnerabities in SSL in IBM DataPower Gatewayurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=5fc1433ca504461e3bbb1d30e408592c

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM InfoSphere Master Data Management Standard and Advanced Editions are affected by vulnerabilities in OpenSSL (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c829d56f5888779e791387897875c4b4

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-0732, CVE-2018-0734, CVE-2018-0737)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=35f40c202a57607f29c0bb486da6ea8a

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2018-17

Trust: 0.1

title:IBM: IBM Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d3d3f316d14423d9850192f1d5f20a1b

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM InfoSphere Information Serverurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=d04b79d120c8d1de061ffc3f57258fcb

Trust: 0.1

title:IBM: IBM Security Bulletin:IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=00b8bc7d11e5484e8721f3f62ec2ce87

Trust: 0.1

title:IBM: Security Bulletin: Vulnerabilities have been identified in OpenSSL and the Kernel shipped with the DS8000 Hardware Management Console (HMC)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=423d1da688755122eb2591196e4cc160

Trust: 0.1

title:Debian CVElist Bug Report Logs: mysql-5.7: Security fixes from the January 2019 CPUurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=996600102cb3180bfad1fcc5c68a4d77

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=4ee609eeae78bbbd0d0c827f33a7f87f

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – Node.jsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2e571e7bc5566212c3e69e37ecfa5ad4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Rational Application Developer for WebSphere Softwareurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2bd72b857f21f300d83d07a791be44cf

Trust: 0.1

title:Forcepoint Security Advisories: CVE-2018-0734 and CVE-2019-1559 (OpenSSL)url:https://vulmon.com/vendoradvisory?qidtp=forcepoint_security_advisories&qid=b508c983da563a8786bf80c360afb887

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloudurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=26f585287da19915b94b6cae2d1b864f

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=dce787e9d669a768893a91801bf5eea4

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in IBM Security Access Manager Applianceurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=800337bc69aa7ad92ac88a2adcc7d426

Trust: 0.1

title:IBM: IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private – fluentdurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=60de0933c28b353f38df30120aa2a908

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-yurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=aea3fcafd82c179d3a5dfa015e920864

Trust: 0.1

title:IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Release 1801-vurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=413b5f9466c1ebf3ab090a45e189b43e

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal’s dependencies – Cumulative list from June 28, 2018 to December 13, 2018url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=43da2cd72c1e378d8d94ecec029fcc61

Trust: 0.1

title: - url:https://github.com/Live-Hack-CVE/CVE-2018-0734

Trust: 0.1

title: - url:https://github.com/Qi-Zhan/ps3

Trust: 0.1

title:vygerurl:https://github.com/mrodden/vyger

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

sources: VULMON: CVE-2018-0734 // CNNVD: CNNVD-201810-1435

EXTERNAL IDS

db:NVDid:CVE-2018-0734

Trust: 2.5

db:TENABLEid:TNS-2018-17

Trust: 1.8

db:TENABLEid:TNS-2018-16

Trust: 1.8

db:BIDid:105758

Trust: 1.8

db:PACKETSTORMid:155414

Trust: 0.8

db:CNNVDid:CNNVD-201810-1435

Trust: 0.7

db:AUSCERTid:ESB-2019.0660

Trust: 0.6

db:AUSCERTid:ESB-2019.0960

Trust: 0.6

db:AUSCERTid:ESB-2019.0481

Trust: 0.6

db:AUSCERTid:ESB-2019.0514

Trust: 0.6

db:AUSCERTid:ESB-2019.3390.4

Trust: 0.6

db:AUSCERTid:ESB-2020.4251

Trust: 0.6

db:AUSCERTid:ESB-2019.4403

Trust: 0.6

db:AUSCERTid:ESB-2019.0644.2

Trust: 0.6

db:AUSCERTid:ESB-2020.0491

Trust: 0.6

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:AUSCERTid:ESB-2019.4479.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4753

Trust: 0.6

db:AUSCERTid:ESB-2019.4479

Trust: 0.6

db:AUSCERTid:ESB-2020.0102

Trust: 0.6

db:AUSCERTid:ESB-2020.0529

Trust: 0.6

db:PACKETSTORMid:153932

Trust: 0.2

db:PACKETSTORMid:155160

Trust: 0.2

db:PACKETSTORMid:155417

Trust: 0.2

db:PACKETSTORMid:150437

Trust: 0.2

db:PACKETSTORMid:155416

Trust: 0.2

db:PACKETSTORMid:150683

Trust: 0.1

db:VULHUBid:VHN-118936

Trust: 0.1

db:VULMONid:CVE-2018-0734

Trust: 0.1

db:PACKETSTORMid:150860

Trust: 0.1

sources: VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // PACKETSTORM: 150437 // PACKETSTORM: 155414 // PACKETSTORM: 155417 // PACKETSTORM: 150860 // PACKETSTORM: 153932 // PACKETSTORM: 155416 // PACKETSTORM: 155160 // CNNVD: CNNVD-201810-1435 // NVD: CVE-2018-0734

REFERENCES

url:http://www.securityfocus.com/bid/105758

Trust: 3.1

url:https://access.redhat.com/errata/rhsa-2019:3932

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3933

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:3935

Trust: 2.5

url:https://access.redhat.com/errata/rhsa-2019:2304

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2019:3700

Trust: 1.9

url:https://usn.ubuntu.com/3840-1/

Trust: 1.9

url:https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20181105-0002/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190118-0002/

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190423-0002/

Trust: 1.8

url:https://www.openssl.org/news/secadv/20181030.txt

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.8

url:https://www.tenable.com/security/tns-2018-16

Trust: 1.8

url:https://www.tenable.com/security/tns-2018-17

Trust: 1.8

url:https://www.debian.org/security/2018/dsa-4348

Trust: 1.8

url:https://www.debian.org/security/2018/dsa-4355

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.8

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html

Trust: 1.8

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=43e6a58d4991a451daf4891ff05a48735df871ac

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/

Trust: 1.1

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=43e6a58d4991a451daf4891ff05a48735df871ac

Trust: 0.7

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f

Trust: 0.7

url:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zbev5qgdrfuzdmnecfxusn5fmyozde4v/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/y3ivfgserazlnjck35tem2r4726xih3z/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ewc42uxl5ghtu5g77vkbf6jyuungshom/

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2018-0734

Trust: 0.7

url:http://aix.software.ibm.com/aix/efixes/security/openssl_advisory29.asc

Trust: 0.6

url:https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html

Trust: 0.6

url:https://www.oracle.com/technetwork/topics/security/bulletinapr2019-5462008.html

Trust: 0.6

url:https://www.openssl.org/news/vulnerabilities.html

Trust: 0.6

url:https://www.openssl.org/news/openssl-1.0.2-notes.html

Trust: 0.6

url:http://openssl.org/

Trust: 0.6

url:https://www.openssl.org/news/cl102.txt

Trust: 0.6

url:https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7

Trust: 0.6

url:https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f

Trust: 0.6

url:https://github.com/openssl/openssl/commit/43e6a58d4991a451daf4891ff05a48735df871ac

Trust: 0.6

url:https://support.symantec.com/us/en/article.symsa1490.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1284802

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1115655

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1115643

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170328

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170340

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170334

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170322

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170352

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1170346

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1116357

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1142626

Trust: 0.6

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1115649

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76338

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10875298

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-tivoli-netcool-system-service-monitors-application-service-monitors-cve-2018-5407cve-2020-1967cve-2018-0734cve-2019-1563cve-2019/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/76414

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4403/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4479/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1138588

Trust: 0.6

url:https://www.oracle.com/security-alerts/cpujan2020verbose.html

Trust: 0.6

url:https://www.ibm.com/support/pages/node/3517185

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10870936

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1167202

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77674

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-openssl-as-used-in-ibm-qradar-siem-is-vulnerable-to-a-timing-side-channel-attack-cve-2018-0734/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0491/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3390.4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4479.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75658

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4251/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-have-been-identified-in-openssl-and-the-kernel-shipped-with-the-ds8000-hardware-management-console-hmc/

Trust: 0.6

url:https://packetstormsecurity.com/files/155414/red-hat-security-advisory-2019-3935-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0529/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4753/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-2/

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10794861

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0102/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1143442

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-spectrum-protect-plus-cve-2018-0735-cve-2018-0734-cve-2018-5407/

Trust: 0.6

url:https://www.ibm.com/support/pages/node/1169938

Trust: 0.6

url:https://www-01.ibm.com/support/docview.wss?uid=ibm10873310

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75802

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-5407

Trust: 0.5

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/team/contact/

Trust: 0.5

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.5

url:https://bugzilla.redhat.com/):

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2018-0734

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-0737

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-9513

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9511

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9517

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-17199

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9511

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9517

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-0737

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-17199

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9516

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-9513

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-0217

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-0217

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-9516

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-5407

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2018-0734

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=59087

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0734

Trust: 0.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5407

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/openssl1.0

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0732

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1559

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1559

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-0735

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-1543

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-0735

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-1543

Trust: 0.1

sources: VULHUB: VHN-118936 // VULMON: CVE-2018-0734 // PACKETSTORM: 150437 // PACKETSTORM: 155414 // PACKETSTORM: 155417 // PACKETSTORM: 150860 // PACKETSTORM: 153932 // PACKETSTORM: 155416 // PACKETSTORM: 155160 // CNNVD: CNNVD-201810-1435 // NVD: CVE-2018-0734

CREDITS

Red Hat,Samuel Weiser.

Trust: 0.6

sources: CNNVD: CNNVD-201810-1435

SOURCES

db:VULHUBid:VHN-118936
db:VULMONid:CVE-2018-0734
db:PACKETSTORMid:150437
db:PACKETSTORMid:155414
db:PACKETSTORMid:155417
db:PACKETSTORMid:150860
db:PACKETSTORMid:153932
db:PACKETSTORMid:155416
db:PACKETSTORMid:155160
db:CNNVDid:CNNVD-201810-1435
db:NVDid:CVE-2018-0734

LAST UPDATE DATE

2024-11-07T21:28:34.233000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-118936date:2020-08-24T00:00:00
db:VULMONid:CVE-2018-0734date:2023-11-07T00:00:00
db:CNNVDid:CNNVD-201810-1435date:2022-02-18T00:00:00
db:NVDid:CVE-2018-0734date:2023-11-07T02:51:05.217

SOURCES RELEASE DATE

db:VULHUBid:VHN-118936date:2018-10-30T00:00:00
db:VULMONid:CVE-2018-0734date:2018-10-30T00:00:00
db:PACKETSTORMid:150437date:2018-11-22T23:23:23
db:PACKETSTORMid:155414date:2019-11-20T23:02:22
db:PACKETSTORMid:155417date:2019-11-20T21:11:11
db:PACKETSTORMid:150860date:2018-12-20T15:05:22
db:PACKETSTORMid:153932date:2019-08-06T21:09:19
db:PACKETSTORMid:155416date:2019-11-20T20:55:55
db:PACKETSTORMid:155160date:2019-11-06T15:56:37
db:CNNVDid:CNNVD-201810-1435date:2018-10-31T00:00:00
db:NVDid:CVE-2018-0734date:2018-10-30T12:29:00.257