Security Bulletin: Vulnerabities in SSL in IBM DataPower Gateway

Summary IBM DataPower Gateway has addressed two CVEs relating to SSL: CVE-2019-1559 & CVE-2018-0734 Vulnerability Details CVEID: CVE-2019-1559 DESCRIPTION: If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then...

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2020-1629)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1654)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openssl: timing side channel attack in the ECDSA signature generation

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...

UBUNTU-CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...