AVG-480 log
| Package | lib32-openssl-1.0 |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.0.2.l-2 |
| Fixed | 1.0.2.n-1 |
| Current | Removed |
| Ticket | None |
| Created | Thu Nov 2 16:00:17 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-3738 | Medium | Yes | Private key recovery | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected.... |
| CVE-2017-3737 | Medium | Yes | Information disclosure | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then... |
| CVE-2017-3736 | Medium | Yes | Information disclosure | A carry propagation bug has been found in OpenSSL < 1.1.0g in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests... |
| CVE-2017-3735 | Low | Yes | Denial of service | A security issue has been found in OpenSSL < 1.1.0g. If an X.509 certificate has a malformed IPAddressFamily extension, OpenSSL could do a one-byte buffer... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 17 Dec 2017 | ASA-201712-11 | lib32-openssl-1.0 | multiple issues |