rpm package
suse/openssl&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/openssl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5407 | Med | 4.7 | < 1.0.2j-60.46.1 | 1.0.2j-60.46.1 | Nov 15, 2018 | Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | |
| CVE-2018-0734 | Med | 5.9 | < 1.0.2j-60.46.1 | 1.0.2j-60.46.1 | Oct 30, 2018 | The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi | |
| CVE-2018-0732 | Hig | 7.5 | < 1.0.2j-60.30.1 | 1.0.2j-60.30.1 | Jun 12, 2018 | During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client | |
| CVE-2018-0737 | Med | 5.9 | < 1.0.2j-60.39.1 | 1.0.2j-60.39.1 | Apr 16, 2018 | The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec |
- affected < 1.0.2j-60.46.1fixed 1.0.2j-60.46.1
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
- affected < 1.0.2j-60.46.1fixed 1.0.2j-60.46.1
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi
- affected < 1.0.2j-60.30.1fixed 1.0.2j-60.30.1
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client
- affected < 1.0.2j-60.39.1fixed 1.0.2j-60.39.1
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affec
Page 2 of 2