10 matches found
Security update for openssl-3
This update for openssl-3 fixes the following issues: CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 CVE-2024-13176: Fixed...
SUSE-SU-2025:02042-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. - CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 - CVE-2024-13176:...
SUSE CVE-2020-12401
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...
SUSE CVE-2022-26387
When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...
DEBIAN-CVE-2020-12399
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird 68.9.0, Firefox 77, and Firefox ESR 68.9...
USN-4376-1 openssl vulnerabilities
Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...
ALPINE-CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...
DEBIAN-CVE-2016-1000341
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...
UBUNTU-CVE-2016-1000341
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...
OpenJDK: DSA implementation timing attack (JCE, 8175106)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...