AVG-675 log
Package | lib32-openssl |
Status | Fixed |
Severity | Low |
Type | multiple issues |
Affected | 1:1.1.0.h-1 |
Fixed | 1:1.1.0.i-1 |
Current | 1:3.4.0-1 [multilib] |
Ticket | None |
Created | Mon Apr 16 15:46:11 2018 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2018-0737 | Low | No | Private key recovery | A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access... |
CVE-2018-0732 | Low | Yes | Denial of service | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause... |
References |
---|
https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 |