AVG-792

Package openssl
Status Vulnerable
Severity Low
Type multiple issues
Affected 1.1.1-1
Fixed Unknown
Current 1.1.1-1 [core]
Ticket Create
Created Mon Oct 29 09:45:04 2018
Issue Severity Remote Type Description
CVE-2018-0735 Low Yes Private key recovery
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could...
CVE-2018-0734 Low Yes Information disclosure
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side...
References
https://www.openssl.org/news/secadv/20181029.txt