AVG-793 log
| Package | lib32-openssl |
| Status | Fixed |
| Severity | Low |
| Type | private key recovery |
| Affected | 1:1.1.1-1 |
| Fixed | 1:1.1.1.a-1 |
| Current | 1:3.2.1-1 [multilib] |
| Ticket | None |
| Created | Mon Oct 29 09:45:33 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-0735 | Low | Yes | Private key recovery | The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack in openssl versions prior to 1.1.1a. An attacker could... |
| CVE-2018-0734 | Low | Yes | Private key recovery | A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 08 Dec 2018 | ASA-201812-6 | lib32-openssl | private key recovery |
| References |
|---|
https://www.openssl.org/news/secadv/20181029.txt |