Oval Definition:oval:com.ubuntu.bionic:def:201810005200000000
Revision Date:2018-06-26Version:1
Title:CVE-2018-1000520 on Ubuntu 18.04 LTS (bionic) - low.
Description:ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-1000520
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND mbedtls package in bionic is affected and needs fixing.
  • BACK