AVG-807 log
| Package | openssl-1.0 |
| Status | Fixed |
| Severity | Low |
| Type | private key recovery |
| Affected | 1.0.2.p-1 |
| Fixed | 1.0.2.q-1 |
| Current | Removed |
| Ticket | None |
| Created | Mon Nov 12 17:29:17 2018 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-5407 | Low | No | Private key recovery | A vulnerability has been found in the ECC scalar multiplication implementation of OpenSSL < 1.1.0i and <= 1.0.2p. The implementation, used in e.g. ECDSA and... |
| CVE-2018-0734 | Low | Yes | Private key recovery | A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side... |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 08 Dec 2018 | ASA-201812-8 | openssl-1.0 | private key recovery |