AVG-806

Package lib32-openssl-1.0
Status Fixed
Severity Low
Type private key recovery
Affected 1.0.2.p-1
Fixed 1.0.2.q-1
Current 1.0.2.r-1 [multilib]
Ticket None
Created Mon Nov 12 17:28:53 2018
Issue Severity Remote Type Description
CVE-2018-5407 Low No Private key recovery
A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and...
CVE-2018-0734 Low Yes Private key recovery
A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side...
Date Advisory Package Description
08 Dec 2018 ASA-201812-7 lib32-openssl-1.0 private key recovery