AVG-677 log
| Package | openssl-1.0 |
| Status | Fixed |
| Severity | Low |
| Type | multiple issues |
| Affected | 1.0.2.o-1 |
| Fixed | 1.0.2.p-1 |
| Current | Removed |
| Ticket | None |
| Created | Mon Apr 16 15:46:58 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-0737 | Low | No | Private key recovery | A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access... |
| CVE-2018-0732 | Low | Yes | Denial of service | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause... |
| References |
|---|
https://github.com/openssl/openssl/commit/349a41da1ad88ad87825414752a8ff5fdd6a6c3f |