Download
| Alert*
oval:org.secpod.oval:def:48611
The host is installed with OpenSSL 1.1.0 through 1.1.0i or 1.1.1 and is prone to a timing side channel attack vulnerability. A flaw is present in the ECDSA algorithm. On successful exploitation, an attacker could use variations in the signing algorithm to recover the private key. oval:org.secpod.oval:def:1000719 The remote host is missing a patch 151912-14 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:51179 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:1504320 [1.1.1c-2] - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code [1.1.1c-1] - update to the 1.1.1c release [1.1.1b-6] - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode [1.1.1b-5] - Fix small regressions related to the ... oval:org.secpod.oval:def:205170 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ... oval:org.secpod.oval:def:502625 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures For more details about the security issu ... oval:org.secpod.oval:def:1000665 The remote host is missing a patch 151913-14 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:2103873 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2 ... oval:org.secpod.oval:def:2103884 Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on "port contention". oval:org.secpod.oval:def:503412 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:89049756 This update for openssl-1_1 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed timing vulnerability in DSA signature generation . - CVE-2018-0735: Fixed timing vulnerability in ECDSA signature generation . oval:org.secpod.oval:def:704418 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:66494 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. The following packages have been upgraded to a later upstream version: openssl . Security Fix: * openssl: timing side channel atta ... oval:org.secpod.oval:def:603582 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. oval:org.secpod.oval:def:2105926 Oracle Solaris 11 - ( CVE-2018-12120 ) oval:org.secpod.oval:def:53471 Several local side channel attacks and a denial of service via large Diffie-Hellman parameters were discovered in OpenSSL, a Secure Sockets Layer toolkit. |