| Revision Date: | 2013-10-11 | Version: | 1 | | Title: | CVE-2007-6755 on Ubuntu 16.04 LTS (xenial) - low. | | Description: | The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2007-6755
| | Platform(s): | Ubuntu 16.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 16.04 LTS (xenial) is installed. AND Package Information
NOT libbcmail-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libbcpg-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libbcpkix-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT libbcprov-java package in xenial, while related to the CVE in some way, is not affected (note: 'code not present').
OR NOT gnutls-bin package in xenial, while related to the CVE in some way, is not affected.
OR NOT guile-gnutls package in xenial, while related to the CVE in some way, is not affected.
OR NOT libgnutls-openssl27 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libgnutls30 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libgnutlsxx28 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libmbedcrypto0 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libmbedtls10 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libmbedx509-0 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libnss3 package in xenial, while related to the CVE in some way, is not affected.
OR NOT libnss3-1d package in xenial, while related to the CVE in some way, is not affected.
OR NOT libnss3-nssdb package in xenial, while related to the CVE in some way, is not affected.
OR NOT libnss3-tools package in xenial, while related to the CVE in some way, is not affected.
OR NOT libssl1.0.0 package in xenial, while related to the CVE in some way, is not affected.
OR NOT openssl package in xenial, while related to the CVE in some way, is not affected.
OR NOT python-crypto package in xenial, while related to the CVE in some way, is not affected.
OR NOT python3-crypto package in xenial, while related to the CVE in some way, is not affected.
|
|