AVG-793

Package lib32-openssl
Status Fixed
Severity Low
Type private key recovery
Affected 1:1.1.1-1
Fixed 1:1.1.1.a-1
Current 1:1.1.1.a-1 [multilib]
Ticket None
Created Mon Oct 29 09:45:33 2018
Issue Severity Remote Type Description
CVE-2018-0735 Low Yes Private key recovery
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could...
CVE-2018-0734 Low Yes Private key recovery
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side...
Date Advisory Package Description
08 Dec 2018 ASA-201812-6 lib32-openssl private key recovery
References
https://www.openssl.org/news/secadv/20181029.txt