MGASA-2018-0470

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0470.html

Import Source

https://advisories.mageia.org/MGASA-2018-0470.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0470

Related

Published

2018-11-27T15:26:11Z

Modified

2018-11-27T15:02:37Z

Summary

Updated openssl packages fix security vulnerabilities

Details

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734)

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. (CVE-2018-5407

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / openssl

Package

Name: openssl
Purl: pkg:rpm/mageia/openssl?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2q-1.mga6

Ecosystem specific

{
    "section": "core"
}