AVG-540 log
| Package | openssl |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.1.0.g-1 |
| Fixed | 1.1.0.h-1 |
| Current | 3.4.0-1 [core] |
| Ticket | None |
| Created | Thu Dec 7 18:02:06 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-0739 | Medium | No | Denial of service | A stack-exhaustion issue has been found in OpenSSL <= 1.1.0h, where constructed ASN.1 types with a recursive definition (such as can be found in PKCS7)... |
| CVE-2017-3738 | Medium | Yes | Private key recovery | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected.... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 01 Apr 2018 | ASA-201804-2 | openssl | multiple issues |