MGASA-2018-0365

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0365.html

Import Source

https://advisories.mageia.org/MGASA-2018-0365.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2018-0365

Related

Published

2018-09-02T19:07:30Z

Modified

2018-09-02T18:45:50Z

Summary

Updated openssl packages fix security vulnerabilities

Details

Updated openssl packages fix security vulnerabilities:

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (CVE-2018-0732).

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key (CVE-2018-0737).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / openssl

Package

Name: openssl
Purl: pkg:rpm/mageia/openssl?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2p-1.mga6

Ecosystem specific

{
    "section": "core"
}