Mageia 6: 2018-0470 Moderate: OpenSSL Timing Attack Security Fix
mageia
November 27, 2018
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack
Summary
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the
signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a
(Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed
in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734)
Simultaneous Multi-threading (SMT) in processors can enable local usersto exploit software vulnerable to timing attacks via a side-channel
timing attack on 'port contention'. (CVE-2018-5407
References
- https://bugs.mageia.org/show_bug.cgi?id=23870
- https://openssl-library.org/news/secadv/20181030.txt
- https://openssl-library.org/news/secadv/20181112.txt
- https://www.cve.org/CVERecord?id=CVE-2018-0734
- https://www.cve.org/CVERecord?id=CVE-2018-5407
Topics Covered
Resolution
SRPMS
- 6/core/openssl-1.0.2q-1.mga6
PREVIOUS
NEXT
Publication date: 27 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0470.html
Type: security
CVE: CVE-2018-0734,
CVE-2018-5407
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!