Updated openssl packages fix security vulnerabilities
Publication date: 27 Nov 2018Modification date: 27 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0734 , CVE-2018-5407
Description
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). (CVE-2018-0734) Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. (CVE-2018-5407
References
SRPMS
6/core
- openssl-1.0.2q-1.mga6