CVE-2018-0737 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Private key recovery
Description	A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.

Group	Package	Affected	Fixed	Severity	Status
AVG-677	openssl-1.0	1.0.2.o-1	1.0.2.p-1	Low	Fixed
AVG-676	lib32-openssl-1.0	1.0.2.o-1	1.0.2.p-1	Low	Fixed
AVG-675	lib32-openssl	1:1.1.0.h-1	1:1.1.0.i-1	Low	Fixed
AVG-674	openssl	1.1.0.h-1	1.1.0.i-1	Low	Fixed

References
https://www.openssl.org/news/secadv/20180416.txt https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 https://github.com/openssl/openssl/commit/349a41da1ad88ad87825414752a8ff5fdd6a6c3f

References

https://www.openssl.org/news/secadv/20180416.txt
https://github.com/openssl/openssl/commit/6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
https://github.com/openssl/openssl/commit/349a41da1ad88ad87825414752a8ff5fdd6a6c3f