| Revision Date: | 2013-10-11 | Version: | 1 | | Title: | CVE-2007-6755 on Ubuntu 18.10 (cosmic) - low. | | Description: | The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2007-6755
| | Platform(s): | Ubuntu 18.10
| Product(s): | | | Definition Synopsis | | Ubuntu 18.10 (cosmic) is installed. AND Package Information
NOT libbcmail-java package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libbcpg-java package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libbcpkix-java package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libbcprov-java package in cosmic, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT gnutls-bin package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libgnutls-dane0 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libgnutls-openssl27 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libgnutls30 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libgnutlsxx28 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libmbedcrypto1 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libmbedtls10 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libmbedx509-0 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libnss3 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libnss3-tools package in cosmic, while related to the CVE in some way, is not affected.
OR NOT libssl1.1 package in cosmic, while related to the CVE in some way, is not affected.
OR NOT openssl package in cosmic, while related to the CVE in some way, is not affected.
OR NOT python-crypto package in cosmic, while related to the CVE in some way, is not affected.
OR NOT python3-crypto package in cosmic, while related to the CVE in some way, is not affected.
|
|