|Title:||OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734) (Windows)|
|Summary:||This host is running OpenSSL and is prone; to an information disclosure vulnerability.|
This host is running OpenSSL and is prone
to an information disclosure vulnerability.
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
timing side channel attack. An attacker could use variations in the signing
algorithm to recover the private key.
OpenSSL versions 1.1.0-1.1.0i, 1.1.1 and 1.0.2-1.0.2p.
Upgrade OpenSSL to version 1.1.0j-dev, 1.1.1a-dev, 1.0.2q-dev or manually apply the fixes via Github.
See the references for more details.
BugTraq ID: 105758|
Common Vulnerability Exposure (CVE) ID: CVE-2018-0734
Debian Security Information: DSA-4348 (Google Search)
Debian Security Information: DSA-4355 (Google Search)
|Copyright||Copyright (C) 2018 Greenbone Networks GmbH|
|This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.