SUSE-SU-2018:2928-1 Security update for openssl

This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has been shown to be...

Security update for compat-openssl098 (moderate)

This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of...

SUSE-SU-2018:2683-1 Security update for compat-openssl098

This update for compat-openssl098 fixes the following security issues: - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of...

Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

MGASA-2018-0365 Updated openssl packages fix security vulnerabilities

Updated openssl packages fix security vulnerabilities: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime...

OpenSSL 1.1.0 < 1.1.0i Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0i. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0i advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a...

SUSE-SU-2018:2492-1 Security update for openssl

This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have...

SUSE SLES11 Security Update : openssl (SUSE-SU-2018:2486-1)

This update for openssl fixes the following security issue : - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have...

SUSE-SU-2018:2486-1 Security update for openssl

This update for openssl fixes the following security issue: - CVE-2018-0737: The RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could have...

Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2018-0737)

Summary There is a vulnerability in OpenSSL used by AIX. Vulnerability Details CVEID: CVE-2018-0737 DESCRIPTION: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during...

Ubuntu: Security Advisory (USN-3692-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3692-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3692-1 advisory. Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perfor...

USN-3692-2: OpenSSL vulnerabilities

USN-3692-1 fixed a vulnerability in OpenSSL. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that OpenSSL incorrectly handled ECDSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and...

Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified

Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-2177 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the incorrect u...

Security Bulletin: IBM Security Access Manager appliances are affected by vulnerabilities in OpenSSL

Summary Numerous vulnerabilities have been identified in OpenSSL. The IBM Security Access Manager appliances use OpenSSL and are affected by these vulnerabilities. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by multiple memory leaks...

USN-3628-1: OpenSSL vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to...

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerability (USN-3628-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3628-1 advisory. Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key...

USN-3628-1 openssl vulnerability

Alejandro Cabrera Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia discovered that OpenSSL incorrectly handled RSA key generation. An attacker could possibly use this issue to perform a cache-timing attack and recover private RSA keys...

Cache Timing Side-Channel Attack

openssl is vulnerable to cache timing side-channel attacks. The vulnerability exists due to the lack of constant time comparison during the RSA key generation of p and q, resulting in the potential ability to recover the private key...

Design/Logic Flaw

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...