AVG-550 log
| Package | openssl-1.0 |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 1.0.2.l-2 |
| Fixed | 1.0.2.n-1 |
| Current | Removed |
| Ticket | None |
| Created | Sun Dec 17 17:56:03 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-3738 | Medium | Yes | Private key recovery | There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected.... |
| CVE-2017-3737 | Medium | Yes | Information disclosure | OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then... |