ALT-PU-2018-2675-1
Package openssl1.1 updated to version 1.1.0j-alt1 for branch sisyphus in task 216647.
Closed vulnerabilities
Published: 2018-10-16
BDU:2019-01256
Уязвимость реализации алгоритма шифрования DSA (Digital Signature Algorithm) библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (5.9)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-10-25
BDU:2019-01881
Уязвимость реализации алгоритма шифрования ECDSA библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (5.9)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2018-10-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-0734
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- openSUSE-SU-2019:1547
- openSUSE-SU-2019:1547
- openSUSE-SU-2019:1814
- openSUSE-SU-2019:1814
- 105758
- 105758
- RHSA-2019:2304
- RHSA-2019:2304
- RHSA-2019:3700
- RHSA-2019:3700
- RHSA-2019:3932
- RHSA-2019:3932
- RHSA-2019:3933
- RHSA-2019:3933
- RHSA-2019:3935
- RHSA-2019:3935
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=43e6a58d4991a451daf4891ff05a48735df871ac
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=8abfe72e8c1de1b95f50aa0d9134803b4d00070f
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ef11e19d1365eea2b1851e6f540a0bf365d303e7
- FEDORA-2019-db06efdea1
- FEDORA-2019-db06efdea1
- FEDORA-2019-9a0a7c0986
- FEDORA-2019-9a0a7c0986
- FEDORA-2019-00c25b9379
- FEDORA-2019-00c25b9379
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190118-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- https://security.netapp.com/advisory/ntap-20190423-0002/
- USN-3840-1
- USN-3840-1
- DSA-4348
- DSA-4348
- DSA-4355
- DSA-4355
- https://www.openssl.org/news/secadv/20181030.txt
- https://www.openssl.org/news/secadv/20181030.txt
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-16
- https://www.tenable.com/security/tns-2018-17
- https://www.tenable.com/security/tns-2018-17
Published: 2018-10-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Severity: MEDIUM (5.9)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
- 105750
- 105750
- 1041986
- 1041986
- RHSA-2019:3700
- RHSA-2019:3700
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=56fb454d281a023b3f950d969693553d3f3ceea1
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4
- [debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update
- [debian-lts-announce] 20181121 [SECURITY] [DLA 1586-1] openssl security update
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- https://security.netapp.com/advisory/ntap-20181105-0002/
- USN-3840-1
- USN-3840-1
- DSA-4348
- DSA-4348
- https://www.openssl.org/news/secadv/20181029.txt
- https://www.openssl.org/news/secadv/20181029.txt
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/security-alerts/cpujan2020.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html