CVE-2018-0734 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	Yes
Type	Private key recovery
Description	A timing vulnerability has been found in DSA signature generation in openssl versions up to and including 1.1.1, where information is leaked via a side channel when a BN is resized and could lead to private key recovery.

Group	Package	Affected	Fixed	Severity	Status
AVG-807	openssl-1.0	1.0.2.p-1	1.0.2.q-1	Low	Fixed
AVG-806	lib32-openssl-1.0	1.0.2.p-1	1.0.2.q-1	Low	Fixed
AVG-793	lib32-openssl	1:1.1.1-1	1:1.1.1.a-1	Low	Fixed
AVG-792	openssl	1.1.1-1	1.1.1.a-1	Low	Fixed

Date	Advisory	Group	Package	Severity	Type
08 Dec 2018	ASA-201812-8	AVG-807	openssl-1.0	Low	private key recovery
08 Dec 2018	ASA-201812-7	AVG-806	lib32-openssl-1.0	Low	private key recovery
08 Dec 2018	ASA-201812-6	AVG-793	lib32-openssl	Low	private key recovery
08 Dec 2018	ASA-201812-5	AVG-792	openssl	Low	private key recovery

References
https://www.openssl.org/news/secadv/20181030.txt https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f https://github.com/openssl/openssl/pull/7486