Oval Definition:oval:com.ubuntu.bionic:def:20190223000
Revision Date:2019-04-23Version:1
Title:CVE-2019-0223 on Ubuntu 18.04 LTS (bionic) - medium.
Description:While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2019-0223
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND The vulnerability of the 'qpid-proton' package in bionic is not known (status: 'needs-triage'). It is pending evaluation.
  • BACK