CLD-363 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-0737 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) openssl
Deficiency Type SECURITY
Date Created 2018-04-16 13:16:22
Date Last Modified 2018-08-16 11:00:40

Version Specific Information:

Cucumber 1.0 i686fixed in openssl-1.0.2p-i686-1
Cucumber 1.0 x86_64fixed in openssl-1.0.2p-x86_64-1 and openssl-lib_i686-1.0.2p-lib_i686-1

Cucumber 1.1 i686 fixed in openssl-1.0.2p-i686-1
Cucumber 1.1 x86_64 fixed in openssl-1.0.2p-x86_64-1 and openssl-lib_i686-1.0.2p-lib_i686-1


See and

OpenSSL has known about this vulnerability since January 2017 (that's over one
year) and has only acknowledged it now. They state it is a minor problem, so we
will not get a patch until they make their next routine release.

LibreSSL also knew about this vulnerability in January 2017. They published a
patch almost immediately. Good thing we're planning to switch to it in 2.0.