Severity Low
Remote No
Type Private key recovery
A cache-timing side channel attack in the RSA key generation algorithm has been found in OpenSSL <= 1.1.0h and <= 1.0.2o. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.
Group Package Affected Fixed Severity Status Ticket
AVG-677 openssl-1.0 1.0.2.o-1 1.0.2.p-1 Low Fixed
AVG-676 lib32-openssl-1.0 1.0.2.o-1 1.0.2.p-1 Low Fixed
AVG-675 lib32-openssl 1:1.1.0.h-1 1:1.1.0.i-1 Low Fixed
AVG-674 openssl 1.1.0.h-1 1.1.0.i-1 Low Fixed