AVG-540

Package openssl
Status Fixed
Severity Medium
Type multiple issues
Affected 1.1.0.g-1
Fixed 1.1.0.h-1
Current 1.1.1-1 [core]
Ticket None
Created Thu Dec 7 18:02:06 2017
Issue Severity Remote Type Description
CVE-2018-0739 Medium No Denial of service
A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7)...
CVE-2017-3738 Medium Yes Private key recovery
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected....
Date Advisory Package Description
01 Apr 2018 ASA-201804-2 openssl multiple issues