CVE-2024-2467
Publication date 25 April 2024
Last updated 16 December 2024
Ubuntu priority
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Status
Package | Ubuntu Release | Status |
---|---|---|
libcrypt-openssl-rsa-perl | 24.10 oracular |
Vulnerable, fix deferred
|
24.04 LTS noble |
Vulnerable, fix deferred
|
|
22.04 LTS jammy |
Vulnerable, fix deferred
|
|
20.04 LTS focal |
Vulnerable, fix deferred
|
|
18.04 LTS bionic |
Vulnerable, fix deferred
|
|
16.04 LTS xenial |
Vulnerable, fix deferred
|
|
14.04 LTS trusty | Ignored end of ESM support, was deferred [2024-12-16] |
Notes
mdeslaur
as of 2024-12-16, there is no fix available from the upstream libcrypt-openssl-rsa-perl developers