AVG-792

Package openssl
Status Fixed
Severity Low
Type private key recovery
Affected 1.1.1-1
Fixed 1.1.1.a-1
Current 1.1.1.b-1 [core]
Ticket None
Created Mon Oct 29 09:45:04 2018
Issue Severity Remote Type Description
CVE-2018-0735 Low Yes Private key recovery
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could...
CVE-2018-0734 Low Yes Private key recovery
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side...
Date Advisory Package Description
08 Dec 2018 ASA-201812-5 openssl private key recovery
References
https://www.openssl.org/news/secadv/20181029.txt