AVG-675 log

Package lib32-openssl
Status Fixed
Severity Low
Type multiple issues
Affected 1:1.1.0.h-1
Fixed 1:1.1.0.i-1
Current 1:3.3.2-1 [multilib]
Ticket None
Created Mon Apr 16 15:46:11 2018
Issue Severity Remote Type Description
CVE-2018-0737 Low No Private key recovery
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access...
CVE-2018-0732 Low Yes Denial of service
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause...
References
https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787