Oval Definition:	oval:com.ubuntu.precise:def:20076755000
Revision Date: 2013-10-11 Version: 1 Title: CVE-2007-6755 on Ubuntu 12.04 LTS (precise) - low. Description: The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE. Family: unix Class: vulnerability Status: Reference(s): CVE-2007-6755 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information The vulnerability of the 'bouncycastle' package in precise is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'gnutls26' package in precise is not affected. OR NOT While related to the CVE in some way, the 'gnutls28' package in precise is not affected. OR NOT While related to the CVE in some way, the 'libgcrypt11' package in precise is not affected. OR NOT While related to the CVE in some way, the 'nss' package in precise is not affected. OR NOT While related to the CVE in some way, the 'openssl' package in precise is not affected. OR NOT While related to the CVE in some way, the 'openssl098' package in precise is not affected. OR The vulnerability of the 'polarssl' package in precise is not known (status: 'needs-triage'). It is pending evaluation. OR NOT While related to the CVE in some way, the 'python-crypto' package in precise is not affected.
BACK